[Security] XSS in application/controllers/dropbox.php - Githubissues

hjue / JustWriting

markdown blog system

http://hjue.github.io/JustWriting/

MIT License

530 stars 79 forks source link

[Security] XSS in application/controllers/dropbox.php #106

Open seongil-wi opened 3 years ago

seongil-wi commented 3 years ago

Describe the bug/issue

Reflected Cross-Site Scripting (XSS) may allow an attacker to execute JavaScript code in the context of the victim’s browser.

To Reproduce Steps to reproduce the behavior:

Go to the following link: http://[server]/sync/dropbox/download?challenge=%3Cscript%3Ealert(1)%3C/script%3E
Boom!

Where the vulnerability occurred? The code below displays the user-controlled parameter challenge in application/controllers/dropbox.php with incorrect sanitization: https://github.com/hjue/JustWriting/blob/49731e03280e0474a1e862b73baabacb4ffccbfa/application/controllers/dropbox.php#L36