Monday, September 20, 2021

Vulnerability Type: XSS (Cross Site Scripting) / CWE-79

Recently, while searching the net, I found a vulnerability on the site
It is a Cross Site Scripting (XSS) vulnerability.

Visiting the site normally poses no danger: the site itself is safe and hosts no malicious code. The problem arises when an attacker sends another user a link whose parameter he has previously modified (a reflected XSS). The script carried in that link then runs in the victim's browser, in the context of the site: a window may open with a message, the victim may be redirected to another site, and so on.


Obviously I was curious to see what the vulnerability was, and I did some research on He was the same guy who had reported another vulnerability a few months earlier.

Continuing the research, I also found the code that was used to discover the vulnerability.

Here is the code used:


Another example of a malicious script:


Here is a screenshot of a few attempts:

The fix is straightforward: the reflected value must be validated on input and, above all, encoded for the HTML context in which it is written back out, so that characters such as ", < and > cannot close the attribute or open a new tag. A blocklist that only rejects <script> is not enough, since the payload below uses no script tag at all. If the application genuinely has to accept HTML from users, a class designed specifically for that, e.g. HTML Purifier, should sanitize it rather than a hand-written filter.


For example, the request value

m=0"> ScanT3r <svg/onload=confirm(/ScanT3r/)> web"

will become

m=0
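The following is an added example and not code from the original post or from the site that was reported: it shows the vulnerable sink the payload above exploits and a hardened version that HTML-encodes the reflected value instead of relying on a sanitizer such as HTML Purifier. The form template and the parameter name m are assumptions for illustration; the payload is the one quoted above, constructed here as sample input.

```javascript
// Added example (not the original post's code): a reflected XSS sink for a
// query parameter "m" and its hardened form. The <form> template is an
// assumption made for this illustration.

// Minimal HTML-context encoder for the five characters that matter in text
// nodes and in double-quoted attribute values.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
  })[c]);
}

// Vulnerable: the parameter is reflected verbatim into an attribute value.
// A value containing `">` closes the attribute and the tag, so whatever
// follows is parsed as new markup and its event handler runs.
function renderVulnerable(m) {
  return `<form><input type="text" name="m" value="${m}"><input type="submit"></form>`;
}

// Hardened: same template, but the value is encoded for the attribute
// context before concatenation. `"` becomes &quot; and `<` becomes &lt;,
// so the attribute cannot be closed early and no tag can start.
function renderSafe(m) {
  return `<form><input type="text" name="m" value="${escapeHtml(m)}"><input type="submit"></form>`;
}

// A blocklist "validation" of the kind that does not work: it only rejects a
// literal <script> tag, which the payload below never uses.
function naiveBlocklistAllows(m) {
  return !/<script/i.test(m);
}

// Crude check on rendered output: did a real <svg ...> element appear?
// Encoded output contains &lt;svg, never a literal tag.
function containsInjectedSvg(html) {
  return /<svg[\s\/>]/i.test(html);
}

// The payload from the post, with the extraction spacing removed
// (constructed sample input).
const PAYLOAD = '0"> ScanT3r <svg/onload=confirm(/ScanT3r/)> web"';

if (typeof require !== 'undefined' && require.main === module) {
  console.log('vulnerable:', renderVulnerable(PAYLOAD));
  console.log('hardened:  ', renderSafe(PAYLOAD));
}
```

Run it with node and compare the two lines: the vulnerable output contains a standalone <svg/onload=...> element after the closed input tag, while the hardened output keeps the entire payload inside the value attribute as inert text. The encoder is context-specific; a value written into a URL, a JavaScript string or a CSS property needs a different encoder.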