ESP8266 WiFi File Manager – Multiple Cross-Site Scripting (XSS) in “send_Compile.php”

Question

ESP8266 WiFi File Manager – Multiple Cross-Site Scripting (XSS) in “send_Compile.php”

Closed this issue 8 years ago · 2 comments

Product: ESP8266 WiFi File Manager
Download: https://github.com/breagan/ESP8266_WiFi_File_Manager
Vunlerable Version: latest version
Tested Version: latest version
Author: ADLab of Venustech

Advisory Details:
Multiple Cross-Site Scripting (XSS) were discovered in “ESP8266 WiFi File Manager latest version”, which can be exploited to execute arbitrary code.
The vulnerabilities exist due to insufficient filtration of user-supplied data in multiple parameters passed to the “ESP8266_WiFi_File_Manager-master/PHP_files/send_Compile.php” URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.
The exploitation examples below use the "alert()" JavaScript function to see a pop-up messagebox:
Poc:
(1)
Post:IP= ><script>alert(1);</script><
To
http://localhost/.../ESP8266_WiFi_File_Manager-master/PHP_files/send_Compile.php
(2)
Post: filename=><script>alert(1);</script><
To
http://localhost/.../ESP8266_WiFi_File_Manager-master/PHP_files/send_Compile.php

Answer 1 · 2017-04-18T07:35:34.000Z

Excuse me, is there anyone dealing with this issue?

Answer 2 · 2017-04-18T20:51:17.000Z

If you plan on deploying this solution outside of your local/private LAN, then yes you should address this. You will need to do some slash stripping, disallowing certain html chars and preg filtering.
On your local/private secured LAN you are pretty safe, unless you decide to hack yourself.
;-)