Hi,
in cost.php the user passes a variable named condition
https://github.com/dargmuesli/randomwinpicker/blob/869087e51d98716b88c3b6d40bf4b03639888f35/src/static/resources/dargmuesli/cost.php#L6
then the variable condition is added into an HTML template, without escaping possible HTML injections.
The template is also echoed without any further escaping of injected HTML.
So a possible attack would be:
siteoftheurl.com/cost.php?condition=
I could use that to perform malicious actions from the targeted user account or steal his cookies, since there appears to be no CSRF protection.
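The output escaping the report says is missing, shown as an added example that is not part of the original issue or the project's code. The template, the function names and the probe string are assumptions, since the real `cost.php` markup is not shown in this thread.

```php
<?php
declare(strict_types=1);

// Hypothetical stand-in for the template in cost.php (assumption: the real
// markup is not visible here). The value lands in an attribute and in text.
const TEMPLATE = '<p class="cost" data-condition="%s">Condition: %s</p>';

// Read the query parameter defensively: ?condition[]=x arrives as an array,
// so anything that is not a string is treated as empty.
function read_condition(array $query): string
{
    $value = $query['condition'] ?? '';
    return is_string($value) ? $value : '';
}

// The pattern the report describes: the request value reaches the HTML unchanged.
function render_unescaped(string $condition): string
{
    return sprintf(TEMPLATE, $condition, $condition);
}

// Hardened form: encode at output time. ENT_QUOTES covers both quote styles,
// which matters for the attribute context; ENT_SUBSTITUTE replaces invalid
// UTF-8 instead of returning an empty string.
function render_escaped(string $condition): string
{
    $safe = htmlspecialchars($condition, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
    return sprintf(TEMPLATE, $safe, $safe);
}

// Constructed, harmless markup probe standing in for a request value.
$query = ['condition' => '"><em>injected</em>'];
$condition = read_condition($query);

$unescaped = render_unescaped($condition);
$escaped   = render_escaped($condition);

// The unescaped output contains a live <em> element; the escaped output
// carries the same characters only as entities.
$checks = [
    'unescaped output contains raw markup' => strpos($unescaped, '<em>') !== false,
    'escaped output contains no raw markup' => strpos($escaped, '<em>') === false,
    'escaped output keeps the text as entities' => strpos($escaped, '&lt;em&gt;') !== false,
    'array-valued parameter is rejected' => read_condition(['condition' => ['x']]) === '',
];
foreach ($checks as $label => $ok) {
    echo ($ok ? 'PASS' : 'FAIL') . "  $label\n";
}
echo $escaped . "\n";
```

In the page itself, `read_condition($_GET)` would replace the constructed `$query` array.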
Hey, thanks for checking out my most legacy project I host on GitHub and taking the challenge! :stuck_out_tongue_closed_eyes:
Let's have a chat on flipdot's Mumble soon, ok? :partying_face: