nmmorette changed the title from "Vulnerability Report - XSS in documentos_funcionario.php param dados_addInfo" to "Vulnerability Report - XSS in documentos_funcionario.php parameter dados_addInfo" on Dec 4, 2024
Vulnerability Description
A stored Cross-Site Scripting (XSS) vulnerability was identified in the WeGIA application. This vulnerability allows unauthorized scripts to be executed within the user's browser context. Stored XSS is particularly critical, as the malicious code is permanently stored on the server and executed whenever a compromised page is loaded, affecting all users accessing this page.
Location
The vulnerability was found at the following URL:
html/geral/documentos_funcionario.php
Vulnerable Parameters:
dados_addInfo
Impact
Exploitation of these vulnerabilities allows an attacker to inject and store malicious JavaScript code on the server, which will be executed for all users accessing the affected pages. This malicious code can:
Steal sensitive user information (e.g., session cookies, authentication tokens),
Redirect users to malicious sites,
Manipulate the application's interface, enabling phishing attacks and other social engineering techniques,
Compromise the application's integrity, causing potentially severe impacts to user experience and security.
Reproducing the Vulnerability
To reproduce the issue, insert the following payload into the vulnerable field of the URL and save the changes:
<script>alert('Alert: XSS2');</script>
After saving the input, the injected script will be stored on the server and automatically executed for any user accessing html/geral/documentos_funcionario.php, confirming the stored XSS.
Recommendations
To mitigate this vulnerability, it is recommended to:
Sanitize and Validate Inputs: Filter and escape all user inputs, especially in the fields endpoint, name, token, and nome.
Output Encoding: Ensure all stored data is properly encoded before being rendered in the HTML response.
Content Security Policy (CSP): Implement a Content Security Policy to restrict script execution to trusted sources.
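The output-encoding and CSP recommendations above, as an added example that is not WeGIA's own code: it renders the payload from this report unescaped and then encoded for each output context. The helper names `e()` and `js()`, the `$stored` variable and the markup are hypothetical.

```php
<?php
// Added example, not WeGIA code. $stored stands in for a dados_addInfo value
// read back from the database (constructed sample: the payload from this report).
$stored = "<script>alert('Alert: XSS2');</script>";

/** Encode for HTML element content and quoted attribute values (hypothetical helper). */
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

/** Encode as a JavaScript string literal safe inside an inline <script> (hypothetical helper). */
function js(string $value): string
{
    return json_encode(
        $value,
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_THROW_ON_ERROR
    );
}

// Per-response nonce: under the policy below, only inline scripts carrying it may run,
// so a stored <script> that slips past encoding is still blocked by the browser.
$nonce = base64_encode(random_bytes(16));
if (PHP_SAPI !== 'cli') {
    header("Content-Security-Policy: default-src 'self'; script-src 'self' 'nonce-$nonce'; object-src 'none'; base-uri 'self'");
}
?>
<!-- Vulnerable pattern: stored value echoed as markup, so the browser parses the script tag -->
<td><?= $stored ?></td>

<!-- Hardened: element content and attribute value are encoded at output time -->
<td><?= e($stored) ?></td>
<input type="text" name="dados_addInfo" value="<?= e($stored) ?>">

<script nonce="<?= e($nonce) ?>">
  // Hardened: the value crosses into JavaScript as an escaped string literal
  const addInfo = <?= js($stored) ?>;
</script>
```

Encoding is applied where the value is written into the page, not where it is saved, so rows already stored with markup in them are rendered inert as well.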
Reference
For more details on XSS and mitigation strategies, please refer to the OWASP XSS Prevention Cheat Sheet.
POC
File: documentos_funcionario.php
Payload: <script>alert('Alert: XSS2');</script>
Trigger in: funcionario/profile_funcionario.php?id_funcionario=1
Endpoint: dados_addInfo