A reflected Cross Site Scripting (XSS) vulnerability exists in iBarn v1.5 due to improper sanitization of the $search parameter in the html/index.php, html/pay.php, and html/own.php files. Although the htmlspecialchars function is used to encode HTML entities, the developers utilized the flag ENT_NOQUOTES, which does not encode single or double quotes, leading to the vulnerability.
Details
The misuse of the htmlspecialchars function allows the injection of JavaScript code into the search field, which can be exploited for XSS attacks.
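The following added example (not iBarn's code) shows why the flag choice matters: the same constructed search term is encoded once with ENT_NOQUOTES, as the advisory describes, and once with ENT_QUOTES, then reflected into an HTML attribute. The helper isAttributeSafe is a hypothetical check added here for illustration.

```php
<?php
// Added illustration, not iBarn's code: ENT_NOQUOTES vs ENT_QUOTES when a
// search term is reflected back into HTML.

// Constructed sample input that contains both quote characters and a tag.
$search = 'O\'Reilly "books" <b>';

// Weak encoding as used in the vulnerable files: < > & are encoded,
// but ' and " pass through untouched.
$weak = htmlspecialchars($search, ENT_NOQUOTES, 'UTF-8');

// Hardened encoding: ENT_QUOTES encodes both quote characters so the value
// can no longer terminate an attribute or a quoted string; ENT_SUBSTITUTE
// avoids returning an empty string on invalid UTF-8.
$safe = htmlspecialchars($search, ENT_QUOTES | ENT_HTML5 | ENT_SUBSTITUTE, 'UTF-8');

echo "ENT_NOQUOTES: $weak\n";
echo "ENT_QUOTES:   $safe\n";

// Reflected into an attribute, as a search form would do. With the weak
// encoding the double quote in $weak closes the value attribute early.
echo '<input type="search" value="' . $weak . '">' . "\n";
echo '<input type="search" value="' . $safe . '">' . "\n";

// Hypothetical defensive check for a review or unit test: an encoded value
// destined for an attribute must contain no raw quote or angle-bracket chars.
function isAttributeSafe(string $encoded): bool {
    return strpbrk($encoded, "\"'<>") === false;
}

var_dump(isAttributeSafe($weak));
var_dump(isAttributeSafe($safe));
```

Run with `php example.php`; the weak variant fails the check and the ENT_QUOTES variant passes it.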
Differentiation from CVE-2024-26471
This vulnerability is distinct from CVE-2024-26471: it specifically targets the $search parameter that is passed through the htmlspecialchars function, whose ENT_NOQUOTES flag leaves single and double quotes unencoded, so the filtering can be bypassed.
Although CVE-2024-26471 only mentioned that the search field in html/offer.php lacks any filtering, our investigation revealed that several other pages (shareme.php, recycle.php, collection.php, pub.php, myshare.php) also do not filter the $search parameter, leading to multiple cross-site scripting (XSS) vulnerabilities.
html/index.php:
html/pay.php:
html/own.php:
Proof of Concept (PoC)