Cross Site Scripting (XSS) attacks in index.php
Added by Hanung Febrianto about 10 years ago
Dear everyone! I have a problem with my eXtplorer (web-based file manager): the pentest system at my office has detected a high-risk Cross Site Scripting (XSS) attack in index.php. Is there anyone who can help me? Would you please give me the solution to the above problem? Thanks!
Cross Site Scripting
Severity High
Type Validation
Reported by module Scripting (XSS_in_URI.script)
/index.php
Details
URI was set to 957266"():;988165
The input is reflected inside <script> tag between double quotes.
Request headers
GET /index.php/957266%22():;988165 HTTP/1.1
Cookie: eXtplorer=MKCO3s0cmVG8cB5ERO6gtsFC73uVoU9W
Host: filesbilateral.bilateral.go.id
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept: */*
Description
This script is possibly vulnerable to Cross Site Scripting (XSS) attacks.
Cross site scripting (also referred to as XSS) is a vulnerability that allows an attacker to send malicious code (usually in the form of Javascript) to another user. Because a browser cannot know if the script should be trusted or not, it will execute the script in the user context allowing the attacker to access any cookies or session tokens retained by the browser.
Impact
Malicious users may inject JavaScript, VBScript, ActiveX, HTML or Flash into a vulnerable application to fool a user in order to gather data from them. An attacker can steal the session cookie and take over the account, impersonating the user. It is also possible to modify the content of the page presented to the user.
Affected items
/index.php
Details
URI was set to ö" onmouseover=prompt(930630) //
The input is reflected inside a tag parameter between double quotes.
Request headers
GET /index.php/%F6%22%20onmouseover=prompt(930630)%20// HTTP/1.1
Cookie: eXtplorer=MKCO3s0cmVG8cB5ERO6gtsFC73uVoU9W
Host: filesbilateral.bilateral.go.id
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept: */*
URL: http://filesbilateral.bilateral.go.id/
Vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: http://filesbilateral.bilateral.go.id/scripts/extjs3/resources/css/xtheme-blue.css
Vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: http://filesbilateral.bilateral.go.id/scripts/extjs3/resources/css/ext-all.css
Vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: http://filesbilateral.bilateral.go.id/scripts/extjs3/adapter/
Vulnerabilities has been identified for this URL
No input(s) found for this URL
Acunetix Website Audit 17
URL: http://filesbilateral.bilateral.go.id/scripts/extjs3/ext-all.js
Vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: http://filesbilateral.bilateral.go.id/index.php
Vulnerabilities has been identified for this URL
3 input(s) found for this URL
Inputs
URL: http://filesbilateral.bilateral.go.id/changelog.txt
Vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: http://filesbilateral.bilateral.go.id/readme.txt
Vulnerabilities has been identified for this URL
No input(s) found for this URL
Replies (1)
RE: Cross Site Scripting (XSS) attacks in index.php - Added by Sören Eberhardt-Biermann about 10 years ago
To fix this problem please open the file /include/init.php and add the following code on line 35, right before
// Vars
so it looks like this:
 * This file initializes most of the variables and constants we need in eXtplorer */

if (isset ($_SERVER['ORIG_PATH_INFO']) && $_SERVER['ORIG_PATH_INFO'] != $_SERVER['PHP_SELF']) {
    $_SERVER['PATH_INFO'] = $_SERVER['ORIG_PATH_INFO'];
}

// Security measure, to avoid XSS exploit.
if (!empty ($_SERVER['PATH_INFO']) && strrpos ($_SERVER['PHP_SELF'], $_SERVER['PATH_INFO'])) {
    $_SERVER['PHP_SELF'] = substr ($_SERVER['PHP_SELF'], 0, -(strlen ($_SERVER['PATH_INFO'])));
}

// Vars
That fixes the XSS vulnerability. Please test it on your system.
ciao, Sören
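The following is an added example, not eXtplorer's own code, illustrating the mechanism behind the finding and the fix above: when a request carries extra path data (`/index.php/…`), PHP appends that attacker-controlled PATH_INFO to `$_SERVER['PHP_SELF']`, so any template that echoes PHP_SELF into an attribute or a `<script>` string reflects the probe. The function `normalize_php_self()` mirrors the posted fix on a copy of the server array; `attr()` and `js_string()` are assumed helper names that add context-specific output encoding as a second layer. The request values are constructed from the scanner's probe in the report.

```php
<?php
// Added example (not eXtplorer's code): why a PATH_INFO suffix on PHP_SELF
// reaches the page, and the two layers that stop it.

/**
 * Same logic as the fix posted in the reply above, applied to a copy of
 * $_SERVER so it can be exercised without touching globals.
 */
function normalize_php_self(array $server): array
{
    // Some SAPIs expose the extra path only as ORIG_PATH_INFO; copy it over.
    if (isset($server['ORIG_PATH_INFO']) && $server['ORIG_PATH_INFO'] != $server['PHP_SELF']) {
        $server['PATH_INFO'] = $server['ORIG_PATH_INFO'];
    }
    // PHP_SELF == "/index.php" . PATH_INFO when extra path data is present;
    // cut the request-controlled suffix off so only the script path remains.
    if (!empty($server['PATH_INFO']) && strrpos($server['PHP_SELF'], $server['PATH_INFO'])) {
        $server['PHP_SELF'] = substr($server['PHP_SELF'], 0, -(strlen($server['PATH_INFO'])));
    }
    return $server;
}

/** Defence in depth (assumed helper): encode for an HTML attribute context. */
function attr(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Defence in depth (assumed helper): encode for a JS string literal inside <script>. */
function js_string(string $value): string
{
    // JSON_HEX_* keeps quotes and angle brackets from terminating the literal or the tag.
    return json_encode($value, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
}

// Constructed request, modelled on the scanner's probe from the report above.
$server = [
    'PHP_SELF'  => '/index.php/957266"():;988165',
    'PATH_INFO' => '/957266"():;988165',
];

// Vulnerable pattern: raw PHP_SELF echoed into an attribute and a script literal.
// The double quote in the probe closes both contexts.
$vulnerable = '<form action="' . $server['PHP_SELF'] . '">' . "\n"
            . '<script>var self = "' . $server['PHP_SELF'] . '";</script>';

// Hardened: strip PATH_INFO (the posted fix) *and* encode for each context.
$safe     = normalize_php_self($server);
$hardened = '<form action="' . attr($safe['PHP_SELF']) . '">' . "\n"
          . '<script>var self = ' . js_string($safe['PHP_SELF']) . ';</script>';

echo "Vulnerable output:\n$vulnerable\n\nHardened output:\n$hardened\n";
// After normalize_php_self(), PHP_SELF is just "/index.php"; the probe is gone.
// The encoders matter on their own too: even if a suffix survived, its quotes
// could no longer break out of the attribute or the JavaScript string.
```

Running this with `php` prints the two renderings side by side. The posted fix removes the untrusted data at its source, which is the right primary control; the encoders are what keep an equivalent reflection harmless should another code path echo a request-derived value later.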