monstra-cms / monstra

THIS PROJECT IS NOT SUPPORTED ANYMORE! Check FLEXTYPE.ORG
http://flextype.org
MIT License

XSS issue #344

Closed balcsida closed 9 years ago

balcsida commented 10 years ago

Like: /monstra/?"onmouseover='prompt(980991)'bad="> /monstra/blog/hello-world">

razuro commented 10 years ago

Hi,

Do you mind elaborating on how you produce the XSS vuln? I tried copy-pasting, but nothing happened.

balcsida commented 10 years ago

I'll try on another web server, give me a little time.

balcsida commented 10 years ago

Sorry for the long wait, I'm retesting everything now.

fadlisaad commented 9 years ago

http://monstra-site/admin/"><script>alert(2188772)</script>'

Sometimes it will show a popup, sometimes it does not. I'm using IBM Rational AppScan.

razuro commented 9 years ago

Tested this on https://demos3.softaculous.com/Monstra/admin. Just got 404.

fadlisaad commented 9 years ago

You need to use IE with XSS filter off


gramimoss commented 9 years ago

Confirmed XSS is still a problem on monstra 3.0.1

Used IE:10 with XSS filter: off

http://www.domain.com/?"/><script>alert(980991);</script>"

PHP command that causes XSS:

<meta property="og:url" content="<?php echo Url::current(); ?>">

Result:

<meta property="og:url" content="http://www.domain.com/?"/><script>alert(980991);</script>"">

Problem with Gelato Lib:

    // Builds the current URL from the request: $_SERVER['REQUEST_URI'] is
    // client-controlled and is returned with no escaping, so any template
    // that echoes this value into HTML (the og:url meta tag above) is exposed.
    public static function current()
    {
        return (!empty($_SERVER['HTTPS'])) ? "https://".$_SERVER['SERVER_NAME'].$_SERVER['REQUEST_URI'] : "http://".$_SERVER['SERVER_NAME'].$_SERVER['REQUEST_URI'];
    }

Solution:

    // Same construction, but the assembled URL is passed through the
    // library's Security::sanitizeURL() before it is returned to callers.
    public static function current()
    {
        return (!empty($_SERVER['HTTPS'])) ? Security::sanitizeURL("https://".$_SERVER['SERVER_NAME'].$_SERVER['REQUEST_URI']) : Security::sanitizeURL("http://".$_SERVER['SERVER_NAME'].$_SERVER['REQUEST_URI']);
    }
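The following is an added example, not Monstra or Gelato code and not part of the comment above. It rebuilds the og:url emission described in the issue from a constructed `$server` array (standing in for `$_SERVER`) and contrasts the unescaped output with one escaped for an HTML attribute context using PHP's `htmlspecialchars`. The thread does not show what `Security::sanitizeURL` does, so the example escapes at the output point instead; the function names `currentUrlRaw`, `ogUrlMeta`, `ogUrlMetaUnescaped` and `attributeStaysClosed` are the example's own.

```php
<?php
// Added example, not Monstra or Gelato code. It reproduces the og:url emission
// discussed in the issue with a constructed $server array instead of $_SERVER,
// and contrasts the unescaped build with one escaped for an HTML attribute.
declare(strict_types=1);

/**
 * Same construction as the reported Gelato helper: scheme + host + request URI,
 * returned as-is. REQUEST_URI comes from the client, so this string is untrusted.
 */
function currentUrlRaw(array $server): string
{
    $scheme = !empty($server['HTTPS']) ? 'https' : 'http';
    return $scheme . '://' . $server['SERVER_NAME'] . $server['REQUEST_URI'];
}

/** Vulnerable rendering: the raw URL is dropped straight into a quoted attribute. */
function ogUrlMetaUnescaped(array $server): string
{
    return '<meta property="og:url" content="' . currentUrlRaw($server) . '">';
}

/**
 * Hardened rendering: escape at the output point, for the attribute context.
 * ENT_QUOTES encodes both quote characters so the attribute cannot be closed
 * early; ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning ''.
 */
function ogUrlMeta(array $server): string
{
    $safe = htmlspecialchars(
        currentUrlRaw($server),
        ENT_QUOTES | ENT_HTML5 | ENT_SUBSTITUTE,
        'UTF-8'
    );
    return '<meta property="og:url" content="' . $safe . '">';
}

/**
 * Minimal check a reviewer can run against a rendered tag: the first raw
 * double quote after content=" must be the one that ends the attribute, the
 * value must contain no raw quote or angle bracket, and the tag must close
 * immediately after it.
 */
function attributeStaysClosed(string $html): bool
{
    $start = strpos($html, 'content="');
    if ($start === false) {
        return false;
    }
    $valueStart = $start + strlen('content="');
    $valueEnd = strpos($html, '"', $valueStart);
    if ($valueEnd === false) {
        return false;
    }
    $value = substr($html, $valueStart, $valueEnd - $valueStart);
    return strpbrk($value, '"<>') === false
        && substr($html, $valueEnd, 2) === '">';
}

// Constructed request mirroring the probe quoted in the issue; the clients
// used there send these characters unencoded in the request line.
$server = [
    'HTTPS'       => '',
    'SERVER_NAME' => 'www.domain.com',
    'REQUEST_URI' => '/?"/><script>alert(980991);</script>"',
];

$renders = [
    'unescaped' => ogUrlMetaUnescaped($server),
    'escaped'   => ogUrlMeta($server),
];
foreach ($renders as $label => $html) {
    printf(
        "%-10s %s\n  attribute intact: %s\n",
        $label . ':',
        $html,
        attributeStaysClosed($html) ? 'yes' : 'no'
    );
}
```

Run with `php example.php`: the unescaped render fails `attributeStaysClosed` because the first `"` in the request URI ends the attribute and the following `/><script>` is then parsed as markup, while the escaped render keeps the whole URL inside a single attribute value. Escaping in the template, at the point where the value enters the HTML attribute, is the conventional placement; the fix proposed in the thread instead sanitizes inside `Url::current()`, which also covers every other template that echoes it, but which equivalence holds depends on what `Security::sanitizeURL` actually does, and that is not shown here.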