idpay / idpay-contact-form7-plugin

Contact Form plugin - Contact Form 7 (CF7)

XSS Injection #12

Open lp1dev opened 2 years ago

lp1dev commented 2 years ago

Hello! I noticed this field displaying errors in forms created using idpay-for-contact-form is actually vulnerable to XSS injection:

https://github.com/idpay/idpay-for-contact-form-7/blob/f6142f9ce0782a9aff6b4c8580bdb365362c57d6/includes/Admin/AdditionalSettingsForm.php#L239

The GET parameter idpay_error is not sanitized and can lead to JavaScript injection, for instance by providing such a parameter in a URL with the value <script>alert('XSS Triggered')</script>.

Here are the steps to reproduce the issue:

1 - Create a new Contact form with an idPay payment interface

I used the following example form:

[payment idpay_amount currency:off]

[acceptance acceptance-849 id:test class:test optional] Test [/acceptance]

[submit id:test class:test "Test"]

[screenshot: form]

2 - Use the form shortcode in a page

[screenshot: form_shortcode]

3 - Add the HTML+JS in the parameter

Add a parameter containing HTML/JS data, such as -> &idpay_error=<script>alert(1)</script>

[screenshot: xss_triggered]

Let me know if you need more information to reproduce the issue!
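The pattern described in the report, shown as an added illustration that is not the plugin's own code: an error message taken from the idpay_error query parameter is written into the page unescaped, next to two hardened variants. It assumes the plugin builds the error box from that parameter; the idpay_example_* functions, the error codes and the messages are hypothetical, and the esc_html() fallback only exists so the file runs outside WordPress.

```php
<?php
// Added illustrative example, not the plugin's own code. It assumes the
// plugin reads the idpay_error query parameter and prints it inside the
// form's error box; the idpay_example_* names are hypothetical.

// Fallback so the file also runs outside WordPress: the real esc_html()
// likewise HTML-encodes <, >, &, " and ' for the HTML body context.
if ( ! function_exists( 'esc_html' ) ) {
    function esc_html( $text ) {
        return htmlspecialchars( (string) $text, ENT_QUOTES, 'UTF-8' );
    }
}

// Vulnerable pattern: the query value is concatenated into markup as-is,
// so any tags in the URL are parsed and executed by the browser.
function idpay_example_error_html_unsafe( array $get ) {
    if ( ! isset( $get['idpay_error'] ) ) {
        return '';
    }
    return '<div class="idpay-error">' . $get['idpay_error'] . '</div>';
}

// Hardened pattern 1: escape at the point of output for the context the
// value lands in (HTML body -> esc_html; attribute -> esc_attr). The tags
// are rendered as literal text instead of being interpreted.
function idpay_example_error_html_escaped( array $get ) {
    if ( ! isset( $get['idpay_error'] ) ) {
        return '';
    }
    return '<div class="idpay-error">' . esc_html( $get['idpay_error'] ) . '</div>';
}

// Hardened pattern 2 (preferable): never echo user-controlled text at all.
// Accept only a known error code and map it to a fixed message, so the
// request chooses which message is shown, never its contents. The codes
// and messages here are made up for the example.
const IDPAY_EXAMPLE_ERRORS = array(
    'cancelled' => 'Payment was cancelled by the user.',
    'failed'    => 'Payment failed. Please try again.',
);

function idpay_example_error_html_allowlist( array $get ) {
    if ( ! isset( $get['idpay_error'] ) ) {
        return '';
    }
    $code = (string) $get['idpay_error'];
    if ( ! array_key_exists( $code, IDPAY_EXAMPLE_ERRORS ) ) {
        return '<div class="idpay-error">' . esc_html( 'Unknown payment error.' ) . '</div>';
    }
    return '<div class="idpay-error">' . esc_html( IDPAY_EXAMPLE_ERRORS[ $code ] ) . '</div>';
}

// Demonstration on the payload quoted in the report (constructed input;
// inside WordPress you would pass $_GET, normally after wp_unslash()).
$query = array( 'idpay_error' => '<script>alert(1)</script>' );
echo idpay_example_error_html_unsafe( $query ), PHP_EOL;
echo idpay_example_error_html_escaped( $query ), PHP_EOL;
echo idpay_example_error_html_allowlist( $query ), PHP_EOL;
```

Run with `php example.php` and compare the three lines: the first carries the script tag through verbatim, the second turns it into encoded text, the third never shows the parameter value. Escaping has to match the output context: esc_html() for text between tags, esc_attr() inside an attribute, and neither helps if the value is later placed inside a script block. The allowlist variant is the one to prefer because it removes the untrusted string from the page entirely rather than relying on every output site being escaped correctly.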

MimDeveloperTv commented 2 years ago

Thanks for telling me about this problem. Please give me a little time to resolve it, @lp1dev