Severity: High
Discovered: 13 July 2023, 01:08 PM
CWE ID
CWE-79
CVSS
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
Details
This vulnerability was found in the query string by changing the value of the parameter "query".
The value ';<div OnCliCk=alert(767621)></div>' was injected, which caused the target to execute an alert function with the value 767621, verifying that the JavaScript injection was successful.
Remedy
To remedy this vulnerability, proper input validation and sanitization should be applied to the "query" parameter.
The best course of action is not to blacklist or disallow specific characters, but instead to verify that the input has the expected type and structure.
For example, the value of the above parameter is detected as type MultiParse::DataType::String. A good start is to verify that it is not a different kind of data structure.
Another good approach is to validate that integer fields accept only integers, that text fields accept only alphabetical characters (where possible), and that structured types (such as JSON or other formatted objects) are verified and parsed before being processed and reflected back to the user.
In this case the response also arrives with content-type: text/html and a Content-Security-Policy of default-src * 'unsafe-inline' 'unsafe-eval' (see the Response below), so the reflected input is rendered as HTML and inline event handlers are allowed to run; serving this API response as application/json and removing 'unsafe-inline' from the policy would keep the reflected markup from executing even if validation is missed.
Exposure
Abusing Cross-Site Scripting might allow an attacker to inject a malicious payload and steal session cookies and other sensitive data, or to manipulate a user's interaction with the application.
Both reflected and stored XSS can be addressed by performing the appropriate validation and escaping on the server side. DOM-based XSS requires a separate set of rules; a more in-depth and detailed reading is suggested in the reference section.
Request
GET https://brokencrystals.com/api/testimonials/count?query=%3B%3Cdiv+OnCliCk%3Dalert%28767621%29%3E%3C%2Fdiv%3E HTTP/1.1
Accept: application/json, text/plain, */*
Referer: https://brokencrystals.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/106.0.5249.119 Safari/537.36
accept-encoding: identity
cookie: bc-calls-counter=1689253590564; connect.sid=YW9r0HBe-iKCwciS2_TTEcdJmJgPd016.xfnmIVxhmMPPjPVTpC7pIapvjslVXQ6OqSqK4inviSI
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: same-origin
Content-Length: 0
Response
HTTP/1.1 200
access-control-allow-origin: *
content-length: 64
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval'
content-type: text/html
date: Thu, 13 Jul 2023 13:08:00 GMT
strict-transport-security: max-age=15724800; includeSubDomains
vary: Origin
x-content-type-options: 1
x-xss-protection: 0
set-cookie: bc-calls-counter=1689253680658

;<div OnCliCk=alert(767621)></div> - syntax error at or near "<"
Reflective Cross-site scripting (rXSS)
Possible exposure
Execute Unauthorized Code or Commands; Bypass Protection Mechanism; Read Application Data; Website Defacement