Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

CX Stored_XSS @ or-getroominfo.php [master] #69

Open
cxronen opened this issue Jun 17, 2020 · 9 comments
Open

CX Stored_XSS @ or-getroominfo.php [master] #69

cxronen opened this issue Jun 17, 2020 · 9 comments

Comments

@cxronen
Copy link
Owner

cxronen commented Jun 17, 2020

Stored_XSS issue exists @ or-getroominfo.php in branch master

The application's <?php embeds untrusted data in the generated output with echo, at line 1 of or-getroominfo.php. This untrusted data is embedded straight into the output without proper sanitization or encoding, enabling an attacker to inject malicious code into the output.
The attacker would be able to alter the returned web page by saving malicious data in a data-store ahead of time. The attacker's modified data is then read from the database by the <?php method with mysql_fetch_array, at line 1 of or-getroominfo.php. This untrusted data then flows through the code straight to the output web page, without sanitization. 
This can enable a Stored Cross-Site Scripting (XSS) attack.

Severity: High

CWE:79

Checkmarx

Lines: 147 99 156 94


Code (Line #147):

		while($shours = mysql_fetch_array($shours_result)){

Code (Line #99):

		while($dhours = mysql_fetch_array($dhours_result)){

Code (Line #156):

		while($groups = mysql_fetch_array($groups_result)){

Code (Line #94):

	while($record = mysql_fetch_array($room_result)){

@cxronen
Copy link
Owner Author

cxronen commented Jun 17, 2020

Issue still exists.

7 similar comments
@cxronen
Copy link
Owner Author

cxronen commented Jun 17, 2020

Issue still exists.

@cxronen
Copy link
Owner Author

cxronen commented Jun 18, 2020

Issue still exists.

@cxronen
Copy link
Owner Author

cxronen commented Jun 18, 2020

Issue still exists.

@cxronen
Copy link
Owner Author

cxronen commented Jun 18, 2020

Issue still exists.

@cxronen
Copy link
Owner Author

cxronen commented Jun 18, 2020

Issue still exists.

@cxronen
Copy link
Owner Author

cxronen commented Jun 22, 2020

Issue still exists.

@cxronen
Copy link
Owner Author

cxronen commented Jul 2, 2020

Issue still exists.

@cxronen
Copy link
Owner Author

cxronen commented Sep 17, 2020

Issue still exists.

SUMMARY

Issue has 4 vulnerability/vulnerabilities left to be fixed (Please scroll to the top for more information)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant