Ticket #674 (reopened Bug report)

Opened 8 years ago

Last modified 7 years ago

XSS on portal

Reported by: xkill Owned by: RPD
Priority: high Milestone: Gateway 2.0
Component: Auth server, Authentication, permissions and access control Version: Gateway SVN
Keywords: Cc:

Description

I detected that the portal main page (login page) is vulnerable to XSS at the parameter: wifidog_language

I attach two images with the problem.

Checked using wapiti:

$ wapiti http://wifi.locolandia.net/ 
Wapiti-1.1.6 (wapiti.sourceforge.net)
.................
Attacking urls (GET)...
-----------------------

Attacking forms (POST)...
-------------------------
Found XSS in http://wifi.locolandia.net/login/
  with params = wifidog_language=%3Cscript%3Evar+wapiti_687474703a2f2f776966692e6c6f636f6c616e6469612e6e65742f6c6f67696e2f_77696669646f675f6c616e6775616765%3Dnew+Boolean%28%29%3B%3C%2Fscript%3E
  coming from http://wifi.locolandia.net/login/

Looking for permanent XSS
-------------------------

Attachments

Pantallazo.png (168.9 KB) - added by xkill 8 years ago.
XSS injection
Pantallazo-1.png (154.3 KB) - added by xkill 8 years ago.
XSS exploit
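
For triage of the scanner finding in the description, the following added example (not part of the ticket and not WiFiDog or Wapiti code) decodes the reported parameter string and the hex marker embedded in it, then shows the value as it would appear if HTML-escaped on output. The marker layout `wapiti_<hex>_<hex>` is an assumption inferred from the payload in this ticket, and the function and field names are hypothetical.

```python
import html
import re
from urllib.parse import parse_qsl

# Parameter string copied from the wapiti finding in this ticket
# (split across lines only for readability).
FINDING_PARAMS = (
    "wifidog_language=%3Cscript%3Evar+wapiti_"
    "687474703a2f2f776966692e6c6f636f6c616e6469612e6e65742f6c6f67696e2f_"
    "77696669646f675f6c616e6775616765"
    "%3Dnew+Boolean%28%29%3B%3C%2Fscript%3E"
)

# Assumed marker layout, inferred from this payload: wapiti_<hex>_<hex>
MARKER = re.compile(r"wapiti_((?:[0-9a-f]{2})+)_((?:[0-9a-f]{2})+)")


def triage_finding(params):
    """Return one record per parameter whose value carries a scanner marker."""
    records = []
    for name, value in parse_qsl(params, keep_blank_values=True):
        match = MARKER.search(value)
        if match is None:
            continue  # ordinary value, nothing to decode
        try:
            tagged_url = bytes.fromhex(match.group(1)).decode("ascii")
            tagged_param = bytes.fromhex(match.group(2)).decode("ascii")
        except ValueError:
            continue  # marker-shaped text that is not ASCII hex
        records.append({
            "injected_via": name,            # parameter the scanner filled in
            "decoded_payload": value,        # URL-decoded value sent to the page
            "tagged_url": tagged_url,        # page the marker says it came from
            "tagged_param": tagged_param,    # parameter the marker names
            # True when the marker names the parameter it was sent through,
            # which confirms the finding is attributed to the right input.
            "marker_matches_param": tagged_param == name,
            # The same value HTML-escaped: what a page reflecting this
            # parameter should emit so the browser treats it as text.
            "escaped_for_html": html.escape(value),
        })
    return records


if __name__ == "__main__":
    for record in triage_finding(FINDING_PARAMS):
        for key, val in record.items():
            print(f"{key}: {val}")
```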

Change History

Changed 8 years ago by xkill

XSS injection

Changed 8 years ago by xkill

XSS exploit

  Changed 8 years ago by benoitg

  • status changed from new to closed
  • resolution set to fixed

Fixed in [1433]

in reply to: ↑ description   Changed 7 years ago by anonymous

  • status changed from closed to reopened
  • resolution fixed deleted

Replying to xkill:

> I detected that the portal main page (login page) is vulnerable to XSS at the parameter: wifidog_language
>
> I attach two images with the problem.
>
> Checked using wapiti:
>
> {{{
> $ wapiti http://wifi.locolandia.net/
> Wapiti-1.1.6 (wapiti.sourceforge.net)
> .................
> Attacking urls (GET)...
> -----------------------
>
> Attacking forms (POST)...
> -------------------------
> Found XSS in http://wifi.locolandia.net/login/
>   with params = wifidog_language=%3Cscript%3Evar+wapiti_687474703a2f2f776966692e6c6f636f6c616e6469612e6e65742f6c6f67696e2f_77696669646f675f6c616e6775616765%3Dnew+Boolean%28%29%3B%3C%2Fscript%3E
>   coming from http://wifi.locolandia.net/login/
>
> Looking for permanent XSS
> -------------------------
> }}}
