Vulnerability
Reflected XSS
Description
XSS (Cross-Site Scripting) is the injection of malicious code into a web page, where it is executed when the target interacts with the page. In reflected XSS, the attacker examines a live website for any place where user input is output unsanitized (e.g. a form field whose value is rendered back to the screen). This allows code to be injected into the page that performs malicious actions, such as stealing the user's cookies and thereby hijacking the target's session. Once the attacker has crafted a link that carries the payload, they send it to the target, who clicks on it, at which point the malicious code executes.
Located
In the function 'failedLogin', the session variable 'failedMessage' includes the unsanitized user id, which is then rendered to the screen in index.php (Line 94).
HTTP request type
POST request
Vulnerable parameter / behaviour
The 'failedMessage' session variable and the 'uid' parameter retrieved from the form input.
Payload / actions for reproduction
Create a form that sends the POST request with the malicious payload stored in the 'uid' variable.
Code fix
Escape the HTML special characters in the message before rendering it to the screen, rather than echoing the raw 'uid' value.
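The following is an added example, not the project's own code, showing the output-encoding fix beside the unsafe rendering pattern the report describes. The names failedLogin, $_SESSION['failedMessage'] and the 'uid' POST field are taken from the report; the render helpers, handleLoginPost, the credential-check callback and the sample input are assumptions for illustration.

```php
<?php
declare(strict_types=1);
// Added example (not the original project's code). Names from the report are
// kept (failedLogin, $_SESSION['failedMessage'], the 'uid' POST field);
// everything else here is an assumption made for illustration.

// failedLogin as described in the report: the submitted user id is stored in
// the session message. Storing the raw value is acceptable as long as it is
// encoded when rendered; the defect is at the output site, not the storage site.
function failedLogin(string $uid): void
{
    $_SESSION['failedMessage'] = 'Login failed for user: ' . $uid;
}

// BEFORE (the index.php pattern): the message is echoed as-is, so any markup
// contained in 'uid' is interpreted by the browser. Kept only for contrast.
function renderFailedMessageUnsafe(string $message): string
{
    return '<p class="error">' . $message . '</p>';
}

// AFTER: encode for the HTML body context at the moment of output.
// ENT_QUOTES encodes both quote characters (required if the value is ever
// placed in an attribute), ENT_SUBSTITUTE prevents an empty result on invalid
// UTF-8, and the explicit charset removes ambiguity across PHP versions.
function renderFailedMessage(string $message): string
{
    $safe = htmlspecialchars($message, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
    return '<p class="error">' . $safe . '</p>';
}

// Request-handler sketch (assumed): 'uid' arrives in the POST body and is
// handed to failedLogin unchanged when the credential check fails.
function handleLoginPost(array $post, callable $checkCredentials): void
{
    $uid = (string)($post['uid'] ?? '');
    $pwd = (string)($post['password'] ?? '');
    if (!$checkCredentials($uid, $pwd)) {
        failedLogin($uid);
    }
}

// Self-check when run from the command line: php xss_fix.php
if (PHP_SAPI === 'cli') {
    $_SESSION = [];
    // Constructed input containing markup and quotes; benign, but enough to
    // show the difference between the two render paths.
    handleLoginPost(['uid' => '<b>demo</b>&"user"', 'password' => 'x'], fn() => false);
    $msg = $_SESSION['failedMessage'];
    echo 'unsafe: ' . renderFailedMessageUnsafe($msg) . PHP_EOL;
    echo 'safe:   ' . renderFailedMessage($msg) . PHP_EOL;
    // The hardened output must not contain the raw tag from the input.
    if (strpos(renderFailedMessage($msg), '<b>') !== false) {
        fwrite(STDERR, "encoding failed\n");
        exit(1);
    }
}
```

htmlspecialchars() is the right encoder only for the HTML body and attribute contexts; if the message were ever written into a JavaScript string or a URL, a context-specific encoder would be needed instead. Because the report's impact is cookie theft, marking the session cookie HttpOnly and serving a Content-Security-Policy are worthwhile defence-in-depth measures alongside the encoding fix.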