stfalcon / TinymceBundle

Bundle for connecting TinyMCE (WYSIWYG editor) to your Symfony2 project
259 stars, 154 forks

XSS #231

Closed grelu closed 6 years ago

grelu commented 6 years ago

Hi,

I think there is an XSS. I can intercept the request and add malicious code.

```http
POST /fr/article/5/edit HTTP/1.1
Host: bookmydata.fr:8080
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:58.0) Gecko/20100101 Firefox/58.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://localhost:8080/fr/article/5/edit
Content-Type: multipart/form-data; boundary=---------------------------21399709425059566461051380177
Content-Length: 873
Cookie: PHPSESSID=1cqf2h8476c1fjo2q3f4jo7al5
Connection: close
Upgrade-Insecure-Requests: 1

-----------------------------21399709425059566461051380177
Content-Disposition: form-data; name="appbundle_article[title]"

test
-----------------------------21399709425059566461051380177
Content-Disposition: form-data; name="appbundle_article[content]"

-----------------------------21399709425059566461051380177
Content-Disposition: form-data; name="appbundle_article[attachmentFile]"; filename=""
Content-Type: application/octet-stream

-----------------------------21399709425059566461051380177
Content-Disposition: form-data; name="appbundle_article[_token]"

sIVF2biFHFRHWqhylsVMg9t0ehvkenh0FN70epJKy6w
-----------------------------21399709425059566461051380177--
```

The field "content" is my textarea.

Thanks for your help.

grelu commented 6 years ago

Solution: http://htmlpurifier.org/

I'm sorry!
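The thread above makes the defender's point: an editor like TinyMCE only shapes what a cooperating browser sends, so any filtering has to happen on the server, on every submit, before the value reaches the database or a template. The following is an added example, not code from TinymceBundle or from the issue author. It wires HTML Purifier (the library linked in the second comment) into a Symfony form as a model transformer on the `content` field. The class names `ArticleContentSanitizer` and `PurifyingTransformer`, the allowed-tag list, and the sample input are my own assumptions; it assumes `ezyang/htmlpurifier` and `symfony/form` are installed via Composer and PHP 7.4 or newer.

```php
<?php
// Added example (not part of TinymceBundle): server-side sanitisation of the
// "content" field with HTML Purifier. Assumes ezyang/htmlpurifier and
// symfony/form are available through Composer's autoloader.
require __DIR__ . '/vendor/autoload.php';

use Symfony\Component\Form\DataTransformerInterface;
use Symfony\Component\Form\FormBuilderInterface;

final class ArticleContentSanitizer
{
    private HTMLPurifier $purifier;

    public function __construct()
    {
        $config = HTMLPurifier_Config::createDefault();
        // Allow-list: only the markup the editor is expected to produce.
        // Anything else (script, event-handler attributes, style, iframe) is dropped.
        $config->set(
            'HTML.Allowed',
            'p,br,strong,em,u,ul,ol,li,h2,h3,blockquote,a[href|title],img[src|alt]'
        );
        // Restrict link/image targets so javascript: and data: URLs are removed.
        $config->set('URI.AllowedSchemes', ['http' => true, 'https' => true, 'mailto' => true]);
        // No definition cache, so the example runs without a writable cache directory.
        // In a real deployment point Cache.SerializerPath at a writable dir instead.
        $config->set('Cache.DefinitionImpl', null);
        $this->purifier = new HTMLPurifier($config);
    }

    public function sanitize(string $html): string
    {
        return $this->purifier->purify($html);
    }
}

/**
 * Model transformer: purifies the submitted value on the way from the form
 * into the model, so the entity never holds unsanitised HTML regardless of
 * what the client sent.
 */
final class PurifyingTransformer implements DataTransformerInterface
{
    private ArticleContentSanitizer $sanitizer;

    public function __construct(ArticleContentSanitizer $sanitizer)
    {
        $this->sanitizer = $sanitizer;
    }

    // Model -> view: stored content is already clean, pass it through.
    public function transform($value)
    {
        return $value ?? '';
    }

    // View -> model: this is the hook that runs on every POST.
    public function reverseTransform($value)
    {
        return $this->sanitizer->sanitize((string) $value);
    }
}

/**
 * Usage inside an ArticleType::buildForm(). The field type name is the one
 * the bundle registers in your project; 'tinymce' is assumed here.
 */
function attachSanitizer(FormBuilderInterface $builder, ArticleContentSanitizer $sanitizer): void
{
    $builder->add('content', 'tinymce');
    $builder->get('content')->addModelTransformer(new PurifyingTransformer($sanitizer));
}

// Constructed sample input (not taken from the issue): the kind of value an
// intercepted request could place in appbundle_article[content].
$dirty = '<p>Hello <strong>world</strong></p>'
       . '<script>alert(1)</script>'
       . '<a href="javascript:alert(1)" onclick="alert(1)">link</a>';

$sanitizer = new ArticleContentSanitizer();
echo $sanitizer->sanitize($dirty), PHP_EOL;
// The script element and the onclick attribute are removed and the javascript:
// href is dropped; the paragraph, the <strong>, and the link text survive.
```

Two design points worth keeping in mind: sanitise once at the trust boundary (the form's model transformer, or an entity setter) rather than in templates, so there is exactly one place to audit, and keep the allow-list as narrow as the editor configuration actually needs. Storing the raw submission and purifying only on output is also workable, but then every rendering path, including API responses, has to remember to do it.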