Closed mhasbini closed 7 years ago
Hmm... I had not even given a thought to security issues yet. (I do not have much experience either.) But thank you for pointing it out; I am willing to spend some time on this issue. Any PR is welcome too!
Fixed. BTW, my Chromium (52.0.2743.116) is not affected by the XSS URLs; Firefox is, though.
> My Chromium (52.0.2743.116) is not affected by the XSS URLs; Firefox is, though.

That's because of Chrome's XSS filter.
The issues provided above look fixed now. Good luck!
Good to learn this, thank you!
Reflected XSS:

1- https://approach0.xyz/search/?q=test&p=1%22%3E%3Csvg/onload=alert(/test/)%3E
2- https://approach0.xyz/search/?q=%24test%22%3E%3Csvg/onload=alert(/test/)%3E&p=1

Fix: sanitize input (try `htmlspecialchars($string, ENT_QUOTES, 'UTF-8');` and check here) from params `q` and `p` in L149-150 of index.php.

Full path disclosure:

1- https://approach0.xyz/demo/search-relay.php?p=1&q[]=test
2- https://approach0.xyz/demo/?q[]=test&p=1

1 is caused by `strlen($qry_str)` in search-relay.php L45; to fix it, use `is_scalar` when checking `$_GET['q']`.
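As an added example (not code from the approach0 project or from the reporter), here is how the two fixes suggested in the report fit together in PHP: a scalar check on `$_GET['q']` so an array value never reaches `strlen()`, and output encoding with `htmlspecialchars` before the parameters are echoed back into the page. The helper names `readScalarParam` and `h` are assumptions; only `htmlspecialchars`, `is_scalar` and the parameter names `q` and `p` come from the thread.

```php
<?php
// Added example, not the project's own code. Helper names are assumptions.

// Hardened read of a query parameter: refuse non-scalar input (a `q[]=` array)
// instead of passing it to string functions such as strlen(). With an array,
// strlen() raises a PHP warning, and when display_errors is on that warning
// carries the script's full filesystem path (the path disclosure in the report).
function readScalarParam(array $params, string $name, string $default = ''): string
{
    if (!array_key_exists($name, $params) || !is_scalar($params[$name])) {
        return $default;
    }
    return (string) $params[$name];
}

// Encode a value before placing it inside HTML. ENT_QUOTES also encodes the
// single quote, so the result is safe inside both "..." and '...' attributes.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

$qry_str = readScalarParam($_GET, 'q');
$page    = readScalarParam($_GET, 'p', '1');

// Before (the pattern the report describes): the raw parameter is echoed, so
// a value containing a closing quote and angle bracket is parsed as markup.
// echo '<input name="q" value="' . $_GET['q'] . '">';

// After: the encoded value stays inside the attribute as plain text, and
// strlen() only ever sees a string.
$qry_len = strlen($qry_str);
echo '<input name="q" value="' . h($qry_str) . '" data-len="' . $qry_len . '">';
echo '<input name="p" value="' . h($page) . '">';
```

The `is_scalar` check is what closes the path-disclosure issue independently of `display_errors`: the string functions are never handed an array, so there is no warning to leak a path. `htmlspecialchars` with `ENT_QUOTES` handles the reflected XSS for values echoed inside attributes or element text; a value inserted into a JavaScript block or a URL would need its own context-specific encoding.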