approach0 / search-engine

A math-aware search engine.
http://approach0.xyz
MIT License

2 FPD & 2 reflected xss vulnerability in web app #12

Closed. mhasbini closed this issue 7 years ago.

mhasbini commented 7 years ago

Reflected xss:

1- https://approach0.xyz/search/?q=test&p=1%22%3E%3Csvg/onload=alert(/test/)%3E
2- https://approach0.xyz/search/?q=%24test%22%3E%3Csvg/onload=alert(/test/)%3E&p=1

Fix: sanitize input (try htmlspecialchars($string, ENT_QUOTES, 'UTF-8'); and check here) from params q and p in L149-150 of index.php.

Full path disclosure:

1- https://approach0.xyz/demo/search-relay.php?p=1&q[]=test
2- https://approach0.xyz/demo/?q[]=test&p=1

1 is caused by strlen($qry_str) in search-relay.php L45; to fix it, use is_scalar when checking $_GET['q'].

(Screenshot attached, 2016-09-12.)
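The two fixes proposed in the report (an is_scalar check before string functions touch $_GET values, and htmlspecialchars with ENT_QUOTES and an explicit UTF-8 charset before echoing them) are shown below as an added example. This is not approach0's code: the request-handler shape, the function names and the sample inputs are assumptions made for the illustration; only the two remedies come from the report.

```php
<?php
// Added example, not code from the approach0 repository. The handler shape
// below is hypothetical; the fixes (is_scalar, htmlspecialchars ENT_QUOTES
// UTF-8) are the ones proposed in the issue.

// Vulnerable pattern (kept for comparison, never called on the samples below):
// the raw query parameter is echoed into an HTML attribute, and strlen() is
// applied to a value that an attacker can turn into an array with ?q[]=...
// On PHP 5/7 that emits a warning that includes the script's full path when
// display_errors is on; on PHP 8 it throws a TypeError.
function render_vulnerable(array $get): string
{
    $qry_str = $get['q'];
    $page    = $get['p'];
    $len     = strlen($qry_str);
    return "<input value=\"{$qry_str}\"> page {$page} ({$len} chars)";
}

// Hardened pattern.
function read_scalar_param(array $get, string $name, string $default = ''): string
{
    // ?q[]=x arrives as an array. Refuse anything that is not a scalar instead
    // of letting strlen() and friends complain about the type.
    if (!isset($get[$name]) || !is_scalar($get[$name])) {
        return $default;
    }
    return (string) $get[$name];
}

function h(string $s): string
{
    // ENT_QUOTES escapes both " and ', so the value is safe inside a quoted
    // attribute as well as in text content. Always declare the charset.
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

function render_hardened(array $get): string
{
    $qry_str = read_scalar_param($get, 'q');

    // A page number has a known shape: validate it rather than only escaping it.
    $page = filter_var(
        read_scalar_param($get, 'p', '1'),
        FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]
    );
    if ($page === false) {
        $page = 1;
    }

    $len = strlen($qry_str); // safe: always a string here
    return '<input value="' . h($qry_str) . '"> page ' . $page . ' (' . $len . ' chars)';
}

// Constructed sample requests (not real traffic): a plain value, a value that
// carries a double quote, and the array-typed parameter from the report.
$samples = [
    ['q' => 'test',     'p' => '1'],
    ['q' => 'a"b',      'p' => '1'],   // the quote is escaped, so it cannot close the attribute
    ['q' => ['test'],   'p' => 'x'],   // q[]=test and a non-numeric page: both fall back to defaults
];
foreach ($samples as $s) {
    echo render_hardened($s), "\n";
}
```

Two notes for anyone applying this to a real deployment: the path disclosure in the report only becomes visible because PHP prints warnings to the response, so set display_errors=Off and log_errors=On in production as a second layer, independent of the is_scalar check; and htmlspecialchars is the right escape for HTML text and attribute values only, so a value that ends up inside a script block, a URL or a CSS context needs the escaping appropriate to that context instead.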
w32zhong commented 7 years ago

Hmm... I did not even give a thought to security issues yet. (I do not have much experience either.) But thank you for pointing it out; I am willing to spend some time on this issue. Any PR is welcome too!

w32zhong commented 7 years ago

Fixed. BTW, my Chromium (52.0.2743.116) is not affected by the XSS URLs; Firefox is, though.

mhasbini commented 7 years ago

My Chromium (52.0.2743.116) is not affected by xss URLs, Firefox is though.

That's because of Chrome's XSS filter.

The issues provided above look fixed now. Good luck!

w32zhong commented 7 years ago

Good to learn this, thank you!