Closed bestshow closed 7 years ago
Excuse me, is there anyone dealing with this issue?
Looking at this.
@bestshow did you actually see an alert window pop up?
I get the standard "ERROR: Invalid ajax action "\"><\""!" which occurs if the ?a parameter is not in the supported list of actions.
It bails out here in ajax.php (https://github.com/devryan/GamePanelX-V3/blob/master/ajax/ajax.php#L29):
if(!in_array($this_request, $allowed_reqs)) die('ERROR: Invalid ajax action "' . $this_request . '"!');
I tested this issue on the latest version of Firefox on Win7.
I have updated this and set up a pull request: https://github.com/devryan/GamePanelX-V3/pull/164
Can you test from here and confirm the bug is gone?
You have fixed it, the vulnerability is gone now.
Merged the fix into master branch, closed the branch: https://github.com/devryan/GamePanelX-V3/commit/2f78f27727da4216587d46a0be13ffc71f9267a2
Thanks for reporting, @bestshow !
@devryan Thanks for replying, you're welcome.
Product: GamePanelX-V3
Download: https://github.com/devryan/GamePanelX-V3
Vulnerable Version: 3.0.12 and probably prior
Tested Version: 3.0.12
Author: ADLab of Venustech

Advisory Details: A Cross-Site Scripting (XSS) vulnerability was discovered in “GamePanelX-V3 3.0.12”, which can be exploited to execute arbitrary code. The vulnerability exists due to insufficient filtration of user-supplied data in the “a” HTTP GET parameter passed to the “GamePanelX-V3-master/ajax/ajax.php” URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. The exploitation example below uses the "alert()" JavaScript function to see a pop-up messagebox:

PoC: http://localhost/.../GamePanelX-V3-master/ajax/ajax.php?a=%22%3E%3Cscript%3Ealert(1);%3C/script%3E%3C%22
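The `die()` message quoted from ajax.php in the thread, next to an output-encoded form, as an added example that is not part of the thread or of the GamePanelX code base. The function names and the `$allowed_reqs` entry are hypothetical, and this is not necessarily the change made in pull request 164.

```php
<?php
// Added illustration: rejecting an unknown ajax action without reflecting
// the raw request value into the HTML response.

/** Pattern quoted in the thread: the rejected value is echoed unencoded. */
function reject_raw(string $this_request, array $allowed_reqs): ?string
{
    if (!in_array($this_request, $allowed_reqs)) {
        return 'ERROR: Invalid ajax action "' . $this_request . '"!';
    }
    return null; // action is on the allowlist
}

/** Hardened form: strict allowlist match, value encoded for HTML output. */
function reject_encoded(string $this_request, array $allowed_reqs): ?string
{
    // Third argument forces type-strict comparison against the allowlist.
    if (!in_array($this_request, $allowed_reqs, true)) {
        // ENT_QUOTES encodes both quote styles; ENT_SUBSTITUTE replaces
        // invalid UTF-8 instead of returning an empty string.
        $safe = htmlspecialchars($this_request, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        return 'ERROR: Invalid ajax action "' . $safe . '"!';
    }
    return null;
}

// Hypothetical allowlist entry; the real list lives in ajax.php.
$allowed_reqs = ['example_action'];

// Value of the "a" parameter from the PoC URL in the advisory on this page.
$this_request = urldecode('%22%3E%3Cscript%3Ealert(1);%3C/script%3E%3C%22');

$raw     = reject_raw($this_request, $allowed_reqs);
$encoded = reject_encoded($this_request, $allowed_reqs);

echo "raw:     $raw\n";
echo "encoded: $encoded\n";

// The encoded message must not contain markup delimiters.
$clean = strpbrk($encoded, '<>') === false;
echo 'encoded output free of < and >: ' . ($clean ? 'yes' : 'no') . "\n";
```

Run it with `php` on the command line to compare the two messages; serving such error responses as `text/plain` is a further layer on top of the encoding.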