Gargaj / wuhu

Lightweight Party Management System
http://wuhu.function.hu/

I have found a Reflected XSS vulnerability in this project #20

Closed jgj212 closed 7 years ago

jgj212 commented 7 years ago

Hello: I have found a Reflected XSS vulnerability in this project.

The vulnerability exists due to insufficient filtration of user-supplied data in the “id” HTTP parameter that is passed to “wuhu-master/www_admin/users.php”. The infected source code is line 67; there is no protection on $_GET["id"]. If $_GET["id"] contains evil JS code, line 67 will trigger untrusted code to be executed on the browser side. (screenshot: code1)

So if an attacker constructs a special URL as follows and sends it to a victim, when the victim clicks the URL, the code contained in the URL will be executed on the victim's browser side to do some evil. http://your-web-root/wuhu-master/www_admin/users.php?id="><"

The following screenshot is the result of clicking the above URL (Win7 SP1 x64 + Firefox 51.0.1 32-bit): (screenshot: sc)

Discoverer: ADLab of Venustech
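The report describes the classic reflected-XSS pattern: a GET parameter echoed into HTML without escaping. The following PHP is an added illustration, not wuhu's own users.php (line 67 is not quoted in the thread), showing a hypothetical vulnerable render function beside two hardened forms: output escaping for the HTML attribute context, and input validation for a parameter that is expected to be an integer. Only the parameter name "id" comes from the report; the function names and the markup are assumptions.

```php
<?php
// Added example, not the project's code. Demonstrates the pattern the report
// describes (unescaped $_GET["id"] reflected into HTML) and how to harden it.
// Everything except the parameter name "id" is hypothetical.

// Hypothetical vulnerable form: the raw parameter is concatenated into an
// attribute, so a value containing a double quote closes the attribute and
// the tag boundary, which is exactly what the report's proof-of-concept does.
function renderUserIdVulnerable(array $get): string
{
    $id = $get['id'] ?? '';
    return '<input type="text" name="id" value="' . $id . '">';
}

// Hardened form 1: escape for the HTML context at the point of output.
// ENT_QUOTES encodes both quote styles so the value cannot terminate a
// double- or single-quoted attribute; ENT_SUBSTITUTE avoids returning an
// empty string on invalid UTF-8, which would otherwise hide the problem.
function renderUserIdSafe(array $get): string
{
    $id = htmlspecialchars($get['id'] ?? '', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="text" name="id" value="' . $id . '">';
}

// Hardened form 2: when the id is a database key, validate its type before
// it is used anywhere. Rejecting non-integers removes the injection vector
// entirely and also protects downstream queries that use the value.
function renderUserIdValidated(array $get): string
{
    $id = filter_var($get['id'] ?? '', FILTER_VALIDATE_INT);
    if ($id === false) {
        return 'invalid id';
    }
    return '<input type="text" name="id" value="' . $id . '">';
}

// Constructed input mirroring the proof-of-concept value from the report.
$sample = ['id' => '"><"'];
echo renderUserIdVulnerable($sample), PHP_EOL;
echo renderUserIdSafe($sample), PHP_EOL;
echo renderUserIdValidated($sample), PHP_EOL;
```

Run it with `php example.php` and compare the three lines: the first reproduces the broken attribute the screenshot shows, the second keeps the value inside the attribute as entity-encoded text, and the third refuses the value before rendering. Escaping at output is the general fix because it works for any string; validation is the stronger fix where the parameter has a known type, and both can be combined.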

Gargaj commented 7 years ago

That's very nice but it's the admin interface; if you wanna break your own party, it's your own damn fault.

jgj212 commented 7 years ago

@Gargaj yes, it is the admin interface, but an attacker can use this vulnerability to do some harm, because sending an evil URL to the admin of the website does not need any admin permission.

Gargaj commented 7 years ago

It's not a website, it's a locally run web interface, where the admin section is password protected and no one can send requests to it. But don't worry, I'll "fix" it.

jgj212 commented 7 years ago

@Gargaj tks, I got it

attritionorg commented 7 years ago

https://www.owasp.org/index.php/Testing_for_Reflected_Cross_site_scripting_(OTG-INPVAL-001)

FYI