Closed dehlirious closed 1 year ago
As XSS is defined as an attack in which an attacker injects malicious executable scripts into the code of a trusted website, I can foresee the possibility of indexing malicious JavaScript code in the MySQL database, which, when being searched by search.php, could return malicious code to the user.
"Prevent XSS vulnerability with PHP" gives the following example: echo htmlspecialchars($string, ENT_QUOTES, 'UTF-8');
In which case line 7 of search.php, $term = $_GET['term'];, should be followed by $term = htmlspecialchars($term, ENT_QUOTES, 'UTF-8');
Code to be amended on next patch (search.php):

if(isset($_GET['term']))
{
    $term = $_GET['term'];
    $term = htmlspecialchars($term, ENT_QUOTES, 'UTF-8');
}
In search.php, the search term is directly handed off with no processing. Line 7:
$term = $_GET['term'];
Thus line 18:
<?php if(isset($term) && $term != '') echo($term . ' | '); ?>
line 53:
<input class="searchBox" type="text" name="term" value="<?php echo $term; ?>" autocomplete="off">
and lines 65 and 70 are all vulnerable to XSS.
So navigating to "search.php?type=&term=">''"><b><h1>" would result in a broken page. Is this a big deal? No. But it's bad practice.
https://github.com/safesploit/doogle/blob/main/search.php
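The two reflection points the issue names (the echo of $term and the value="" attribute) next to a hardened form, as an added PHP example that is not the project's search.php: the render functions, the esc() helper and the surrounding markup are assumptions, and the hardened version applies htmlspecialchars with ENT_QUOTES at each output point rather than once at line 7.

```php
<?php
// Added example, not code from the doogle project. Models the unescaped
// reflection of $term described in the issue and the escaped equivalent.

// Constructed sample request, mirroring the probe string from the issue.
$sample_get = ['term' => '">\'\'"><b><h1>'];

// Vulnerable rendering: $term is interpolated unescaped into text content
// and into a quoted attribute, so a double quote closes the attribute.
function render_vulnerable(array $get): string
{
    $term = isset($get['term']) ? $get['term'] : '';
    $label = ($term != '') ? $term . ' | ' : '';
    // <p> stands in for whatever element line 18 writes into.
    return "<p>{$label}results</p>\n"
         . "<input class=\"searchBox\" type=\"text\" name=\"term\" value=\"{$term}\" autocomplete=\"off\">\n";
}

// Output-encoding helper: ENT_QUOTES also converts single quotes, which
// matters when the value lands inside a single-quoted attribute.
function esc(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

// Hardened rendering: identical logic, every reflection goes through esc().
function render_hardened(array $get): string
{
    $term = isset($get['term']) ? $get['term'] : '';
    $label = ($term != '') ? esc($term) . ' | ' : '';
    return "<p>{$label}results</p>\n"
         . "<input class=\"searchBox\" type=\"text\" name=\"term\" value=\"" . esc($term) . "\" autocomplete=\"off\">\n";
}

echo "--- vulnerable ---\n", render_vulnerable($sample_get);
echo "--- hardened ---\n", render_hardened($sample_get);
```

In the hardened output the quotes and angle brackets arrive as entities, so the input's value attribute stays closed and the injected tags render as literal text.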