WhatCD / Gazelle

http://whatcd.github.io/Gazelle/

xss_2 #130

Open xjzzzxx opened 2 months ago

xjzzzxx commented 2 months ago

Hello,

I would like to report an XSS vulnerability in Gazelle commit 63b3370.

In file https://github.com/WhatCD/Gazelle/blob/master/sections/tools/managers/enable_requests.php

```php
<input type="hidden" name="view" value="<?=$_GET['view']?>" />  // Line 159
<td><input type="text" name="username" value="<?=$_GET['username']?>" /></td> // Line 164
...
// There are still many unchecked outputs
```

The source is $_GET['view'], which is output without any filtering or checking, resulting in XSS.

PoC

GET sections/tools/managers/enable_requests.php?view=%22%3E%3Cscript%3Ealert(1);%3C/script%3E%3C%22

Manual verification


BTW, cms.gazelle.com is local (changed hosts).
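The defect above is output encoding: a query-string value is written into an HTML attribute unescaped. The following is an added example, not Gazelle's code, showing the reported pattern beside a hardened version that encodes for the attribute context; it assumes only PHP's built-in htmlspecialchars(), and the sample input is the decoded form of the payload quoted in the report.

```php
<?php
// Added example (not from the Gazelle repository).
// Decoded form of the report's PoC value, used here only as a test input.
$view     = '"><script>alert(1);</script><"';
$username = "O'Brien";

// Vulnerable pattern from enable_requests.php: the raw value lands in the attribute.
function hidden_view_unsafe(string $view): string {
    return '<input type="hidden" name="view" value="' . $view . '" />';
}

// Hardened: encode for an HTML attribute. ENT_QUOTES encodes both " and ',
// so the helper is safe whichever quote delimits the attribute;
// ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning an empty string.
function attr(string $value): string {
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function hidden_view_safe(string $view): string {
    return '<input type="hidden" name="view" value="' . attr($view) . '" />';
}

// The same fix applies to the username field (line 164 in the report).
function username_field_safe(string $username): string {
    return '<td><input type="text" name="username" value="' . attr($username) . '" /></td>';
}

// Defensive default: read request parameters through one accessor so a
// missing key never produces an undefined-index notice, then encode on output.
function get_param(array $query, string $key, string $default = ''): string {
    return isset($query[$key]) && is_string($query[$key]) ? $query[$key] : $default;
}

$query = ['view' => $view, 'username' => $username];   // stands in for $_GET
echo hidden_view_unsafe(get_param($query, 'view')), "\n";
echo hidden_view_safe(get_param($query, 'view')), "\n";
echo username_field_safe(get_param($query, 'username')), "\n";
```

Run with `php example.php`: the first line reproduces the attribute breakout, the second and third show the quotes and angle brackets encoded so the browser renders them as text.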

aaronhenderson commented 1 month ago

Only affects staff and FLS, so it shouldn't really be any greater of a problem than tracking cookies, session fixation and standard grand theft auto, really. Why haven't you submitted a pull request with an appropriate patch / fix?

Anyway; nice to see the project's not completely dead in the www, even if all the permissible use cases were fulfilled many years ago with private patches; still a really good framework to adopt as something worth understanding, learning and supporting nonetheless.

Not worth being pirated over though, sadly, which is a real thing in many paradigms; californication, moderation and carole voldermolt.