PHPCheckstyle/phpcheckstyle

PHPCheckstyle V0.14.6 - Multiple Cross-Site Scripting (XSS)

bestshow opened this issue · 1 comment

Product: PHPCheckstyle
Download: https://github.com/PHPCheckstyle/phpcheckstyle
Vulnerable Version: V0.14.6 and probably prior
Tested Version: V0.14.6
Author: ADLab of Venustech

Advisory Details:
I have discovered multiple Cross-Site Scripting (XSS) vulnerabilities in “PHPCheckstyle”, which can be exploited to execute arbitrary code.
The vulnerability exists due to insufficient filtration of user-supplied data in multiple HTTP POST parameters passed to the “phpcheckstyle-master/runFromWeb.php” URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.
The exploitation examples below use the "alert()" JavaScript function to see a pop-up messagebox:
PoC:
(1)
POST: resultDir=><script>alert(1);</script><
To
http://localhost/.../phpcheckstyle-master/runFromWeb.php

(2)
POST: sourceDir=><script>alert(1);</script><
To
http://localhost/.../phpcheckstyle-master/runFromWeb.php
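
The following is an added example, not PHPCheckstyle's own runFromWeb.php and not code from the advisory author. It models a hypothetical form handler that reflects the two POST parameters named above (sourceDir, resultDir) straight into the HTML response, which is the pattern the advisory describes, and places next to it a hardened version that HTML-encodes every reflected value with htmlspecialchars() and additionally refuses requests that do not come from the loopback address. The request data is constructed inline from the PoC payload so the script runs from the CLI; function names (renderUnsafe, renderSafe, isLoopback, containsScriptTag) are this example's own.

```php
<?php
// Added example; not the project's code. Simulates a handler that reflects
// POST parameters into HTML, and the same handler hardened.

// Constructed input: the advisory's PoC payload, in place of a real request.
$_POST = [
    'sourceDir' => '><script>alert(1);</script><',
    'resultDir' => '><script>alert(1);</script><',
];
$_SERVER['REMOTE_ADDR'] = $_SERVER['REMOTE_ADDR'] ?? '127.0.0.1';

// Hypothetical vulnerable rendering: raw reflection into an attribute value
// and into element text. The payload closes the attribute and opens a tag.
function renderUnsafe(array $post): string
{
    $src = $post['sourceDir'] ?? '';
    $res = $post['resultDir'] ?? '';
    return "<input name=\"sourceDir\" value=\"$src\">\n"
         . "<p>Results written to $res</p>\n";
}

// Output encoding for HTML bodies and attributes: ENT_QUOTES encodes both
// quote styles so a value cannot break out of a quoted attribute, and
// ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning an empty string.
function e(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hardened rendering: every reflected value goes through e().
function renderSafe(array $post): string
{
    $src = $post['sourceDir'] ?? '';
    $res = $post['resultDir'] ?? '';
    return "<input name=\"sourceDir\" value=\"" . e($src) . "\">\n"
         . "<p>Results written to " . e($res) . "</p>\n";
}

// Second, independent mitigation matching the maintainer's intent that the
// interface is local-only: accept requests from the loopback address only.
function isLoopback(string $remoteAddr): bool
{
    return in_array($remoteAddr, ['127.0.0.1', '::1'], true);
}

// Check used below: does a <script> tag survive into the response?
function containsScriptTag(string $html): bool
{
    return stripos($html, '<script') !== false;
}

if (!isLoopback($_SERVER['REMOTE_ADDR'])) {
    http_response_code(403);
    exit("runFromWeb is restricted to localhost\n");
}

header('Content-Type: text/html; charset=UTF-8');

echo "unsafe output contains <script>: "
   . (containsScriptTag(renderUnsafe($_POST)) ? 'yes' : 'no') . "\n";
echo "safe output contains <script>:   "
   . (containsScriptTag(renderSafe($_POST)) ? 'yes' : 'no') . "\n";
echo renderSafe($_POST);
```

Run it with `php example.php`; the unsafe renderer reports `yes` and the hardened one `no`, and the final output shows the payload as literal `&gt;&lt;script&gt;...` text. Encoding at output time is the fix for the reflection itself; the loopback check is a separate control that limits who can reach the endpoint at all, and since these values are also used as directory paths server-side, validating them against an allowed base directory would be a further, unrelated hardening step.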

RunFromWeb is a localhost interface for the script; it is not supposed to be seen from the internet.

We should maybe change the name ...