Closed: thisago closed this issue 3 years ago
Hi @thisago
Thank you for asking. You may post it here, otherwise you can email it to me.
Ok, I will post here because I already made the Markdown.
Thank you @thisago. I have included sanitizing in commit 24076e9.
The error with `%do` is because the test platform was compiled with Nim 1.2. This has been fixed in the current stable version: https://github.com/nim-lang/Nim/issues/14082.
XSS

This XSS attack allows injecting HTML in the web page, allowing creating a JS payload that sends all victim cookies to the attacker, stealing the session.

Affected page

https://nimwc.org/login

Reproducing

The GET parameter `msg` injects the data inside of the HTML directly without sanitizing the user input.

Example

This example calls `alert` with your cookies: https://nimwc.org/login?msg=%3Cscript%3Ealert(%22XSS%20attack.%20Your%20cookies:%20%22);%20alert(document.cookie)%3C/script%3E

Fix

To fix, just sanitize the received `msg` data to replace the special HTML elements like '<' and '>'.

Bug

This is an extra vulnerability that has a relationship with the same parameter.

If the payload includes `%do`, the Jester server gives a route error: https://nimwc.org/login?msg=%do
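As an added illustration of the fix the report asks for (example code written for this thread in Python, not nimwc's own Nim code): decode the `msg` query parameter, then HTML-escape it before placing it in the page, so the URL quoted above renders as text instead of running. The wrapper markup and function names are assumed, and the decoder deliberately keeps a malformed escape such as `%do` as literal text rather than failing.

```python
from html import escape
from urllib.parse import unquote_plus, urlsplit

# Constructed sample: the URL quoted in the report, with its URL-encoded msg payload.
REPORTED_URL = ("https://nimwc.org/login?msg=%3Cscript%3Ealert(%22XSS%20attack.%20"
                "Your%20cookies:%20%22);%20alert(document.cookie)%3C/script%3E")


def get_msg(url: str) -> str:
    """Return the decoded ?msg= value ('' when absent).

    Splits only on '&' so the ';' inside the payload stays part of the value.
    A malformed escape such as '%do' is left as literal text instead of
    raising, which is the behaviour the 'Bug' section asks of the server.
    """
    for pair in urlsplit(url).query.split("&"):
        key, _, value = pair.partition("=")
        if key == "msg":
            return unquote_plus(value)
    return ""


def render_unsafe(msg: str) -> str:
    """The pattern the report describes: msg dropped into the HTML verbatim (assumed markup)."""
    return '<p class="msg">' + msg + '</p>'


def render_escaped(msg: str) -> str:
    """Fixed version: HTML-escape msg so it can only render as text.
    quote=True also escapes quotes, so the value is safe inside attributes too."""
    return '<p class="msg">' + escape(msg, quote=True) + '</p>'


def login_message_html(url: str) -> str:
    """What the login page should emit for a given request URL."""
    return render_escaped(get_msg(url))
```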