delta/pragyan

Non Persistent XSS vulnerability

Closed this issue · 0 comments

Vulnerability:
Line 102 of login.lib.php
displayinfo("Authentication failure for password reset for $user_email");

Attack:
Just visit http://127.0.0.1/pragyancms/home/+login&subaction=resetPasswd&key=wojoe&resetPasswd=%3Cscript%3Ealert(String.fromCharCode(71,111,116,32,98,111,111,110,101,100));document.write(String.fromCharCode(60,104,49,62,80,114,97,103,121,97,110,67,77,83,32,83,117,99,107,115,60,47,104,49,62))%3C/script%3E

Note that http://127.0.0.1/pragyancms is my installation directory, where I installed PragyanCMS.

Patch:
Patch: replace line 102 with
displayinfo("Authentication failure for password reset for ".safe_html($user_email));
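An added example, not part of the original issue or of PragyanCMS: the unpatched and patched shapes of line 102 side by side, with a regression check over constructed inputs. `render_info()` and `escape_html()` are hypothetical stand-ins for `displayinfo()` and `safe_html()`, and `htmlspecialchars()` is assumed as the encoder.

```php
<?php
// Added illustration, not PragyanCMS code.
// render_info() is a hypothetical stand-in for displayinfo(); escape_html() is
// a hypothetical stand-in for safe_html(), whose body the issue does not show.

function escape_html(string $value): string
{
    // ENT_QUOTES encodes both quote styles; ENT_SUBSTITUTE replaces invalid
    // UTF-8 sequences instead of making the call return an empty string.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_info(string $message): string
{
    // Assumed behaviour: the message is placed into markup without encoding.
    return '<div class="info">' . $message . '</div>';
}

function reset_failure_unsafe(string $userEmail): string
{
    // Shape of line 102 before the patch: the raw value is interpolated.
    return render_info("Authentication failure for password reset for $userEmail");
}

function reset_failure_safe(string $userEmail): string
{
    // Shape of the patched line: the value is encoded at the point of output.
    return render_info('Authentication failure for password reset for ' . escape_html($userEmail));
}

// Constructed sample inputs for a regression check.
$samples = ['user@example.org', '<script>alert(1)</script>', 'a"b\'c@example.org'];

foreach ($samples as $sample) {
    // The wrapper contributes exactly two '<' characters; any more means
    // markup from the input survived into the page.
    $unsafeExtra = substr_count(reset_failure_unsafe($sample), '<') - 2;
    $safeExtra = substr_count(reset_failure_safe($sample), '<') - 2;
    printf("%-28s injected tags: unsafe=%d safe=%d\n", $sample, $unsafeExtra, $safeExtra);
    if ($safeExtra !== 0) {
        fwrite(STDERR, "escaping regression for: $sample\n");
        exit(1);
    }
}
```

Encoding at the output call, as the patch does, keeps the fix next to the sink, so other callers that pass request data into the same message helper need the same treatment.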