Ticket #674 (reopened Bug report)

Opened 12 years ago

Last modified 11 years ago

XSS on portal

Reported by: xkill Owned by: RPD
Priority: high Milestone: Gateway 2.0
Component: Auth server, Authentication, permissions and access control Version: Gateway SVN
Keywords: Cc:

Description

I detected that the portal main page (login page), is vulnerable to XSS at the parameter: wifidog_language

I attach to images with the problem.

Checked using wapiti:

$ wapiti http://wifi.locolandia.net/ 
Wapiti-1.1.6 (wapiti.sourceforge.net)
.................
Attacking urls (GET)...
-----------------------

Attacking forms (POST)...
-------------------------
Found XSS in http://wifi.locolandia.net/login/
  with params = wifidog_language=%3Cscript%3Evar+wapiti_687474703a2f2f776966692e6c6f636f6c616e6469612e6e65742f6c6f67696e2f_77696669646f675f6c616e6775616765%3Dnew+Boolean%28%29%3B%3C%2Fscript%3E
  coming from http://wifi.locolandia.net/login/

Looking for permanent XSS
-------------------------

Attachments

Pantallazo.png Download (168.9 KB) - added by xkill 12 years ago.
XSS injection
Pantallazo-1.png Download (154.3 KB) - added by xkill 12 years ago.
XSS exploit

Change History

Changed 12 years ago by xkill

XSS injection

Changed 12 years ago by xkill

XSS exploit

  Changed 12 years ago by benoitg

  • status changed from new to closed
  • resolution set to fixed

Fixed in [1433]

in reply to: ↑ description   Changed 11 years ago by anonymous

  • status changed from closed to reopened
  • resolution fixed deleted

Replying to xkill:

I detected that the portal main page (login page), is vulnerable to XSS at the parameter: wifidog_language I attach to images with the problem. Checked using wapiti: {{{ $ wapiti  http://wifi.locolandia.net/ Wapiti-1.1.6 (wapiti.sourceforge.net) ................. Attacking urls (GET)... ----------------------- Attacking forms (POST)... ------------------------- Found XSS in  http://wifi.locolandia.net/login/ with params = wifidog_language=%3Cscript%3Evar+wapiti_687474703a2f2f776966692e6c6f636f6c616e6469612e6e65742f6c6f67696e2f_77696669646f675f6c616e6775616765%3Dnew+Boolean%28%29%3B%3C%2Fscript%3E coming from  http://wifi.locolandia.net/login/ Looking for permanent XSS ------------------------- }}}

Note: See TracTickets for help on using tickets.