Hello,
I would like to report a possible XSS vulnerability with the user name.
We see that the username will be set in the DB without sanitization in file Kalkun-devel\application\models\User_model.php

```php
$this->db->set('username', trim($this->input->post('username')));
```
Then the username is retrieved from the DB and set in the session, and the user is redirected to 'kalkun', in file Kalkun-devel\application\models\Kalkun_model.php

```php
function login()
{
    $username = $this->input->post('username');
    $this->db->from('user');
    $this->db->where('username', $username);
    $query = $this->db->get();
    if ($query->num_rows() === 1
        && password_verify($this->input->post('password'), $query->row('password'))) {
        //..
        $this->session->set_userdata('username', $query->row('username'));
        //...
    }
    if ($this->input->post('r_url')) {
        redirect($this->input->post('r_url'));
    } else {
        redirect('kalkun');
    }
}
```
In file Kalkun-devel\application\controllers\Kalkun.php
```php
function index()
{
    //...
    $this->load->view('main/layout', $data);
}
```
In file Kalkun-devel\application\views\main\layout.php
```php
<?php $this->load->view('main/dock'); ?>
```
Finally, in file Kalkun-devel\application\views\main\dock.php
```php
<?php echo $this->session->userdata('username'); ?>
```
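As an added illustration (not code from the Kalkun project or the reporter), the snippet below contrasts the unescaped `echo` in `dock.php` with output escaped at the HTML boundary, plus a registration-time allowlist check; it runs in plain PHP without CodeIgniter, and the function names and sample username are constructed for the example.

```php
<?php
// Added example, not Kalkun's code. CodeIgniter's html_escape() helper wraps
// htmlspecialchars(), so the hardened form below is what the view should call.

// Constructed sample username carrying markup (not a real account).
$username = 'bob<b>admin</b>';

// Rendering as dock.php does it: the session value is written into HTML verbatim,
// so any markup stored in the username is interpreted by the browser.
function render_unescaped(string $name): string
{
    return '<span class="user">' . $name . '</span>';
}

// Hardened rendering: escape for the HTML text context at the point of output.
// ENT_QUOTES also escapes quotes, which matters if the value lands in an attribute.
function render_escaped(string $name): string
{
    return '<span class="user">'
        . htmlspecialchars($name, ENT_QUOTES | ENT_HTML5, 'UTF-8')
        . '</span>';
}

// Defence in depth for User_model.php: reject usernames outside a conservative
// allowlist before the value is stored, so the DB never holds markup at all.
// The pattern is an assumption for this example, not a Kalkun rule.
function is_valid_username(string $name): bool
{
    return (bool) preg_match('/^[A-Za-z0-9_.-]{3,32}$/', $name);
}

echo render_unescaped($username), PHP_EOL; // markup reaches the browser live
echo render_escaped($username), PHP_EOL;   // markup is shown as literal text
var_dump(is_valid_username($username));    // rejected: contains '<' and '>'
var_dump(is_valid_username('bob_admin'));  // accepted: matches the allowlist
```

Escaping in the view is the primary fix; the allowlist only limits what can be stored and does not replace escaping wherever the username is rendered.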
Thank you. Would you please submit a pull request with a fix? A suggestion on how to fix xss can be found here: https://github.com/kalkun-sms/Kalkun/wiki/Developing#pull-request-checklist