Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Possible XSS vulnerability #487

Open
enferas opened this issue Dec 26, 2022 · 1 comment
Open

Possible XSS vulnerability #487

enferas opened this issue Dec 26, 2022 · 1 comment

Comments

@enferas
Copy link

enferas commented Dec 26, 2022

Hello,

I would like to report for possible XSS vulnerability with the user name.

We see that the username will be setted in the DB without sanitization in file Kalkun-devel\application\models\User_model.php

$this->db->set('username', trim($this->input->post('username')));

Then the username retrieved from the DB and set in the session then redirect to 'kalkun' in file Kalkun-devel\application\models\Kalkun_model.php

function login(){
  $username = $this->input->post('username');
  $this->db->from('user');
  $this->db->where('username', $username);
  $query = $this->db->get();
  
  if ($query->num_rows() === 1 && password_verify($this->input->post('password'), $query->row('password')))
  {
	  //..
	  $this->session->set_userdata('username', $query->row('username'));
         //...
  }
  if ($this->input->post('r_url'))
  {
  redirect($this->input->post('r_url'));
  }
  else
  {
  redirect('kalkun');
  }
}

In file Kalkun-devel\application\controllers\Kalkun.php

function index()
{
  //...
  $this->load->view('main/layout', $data);
}

In file Kalkun-devel\application\views\main\layout.php

<?php $this->load->view('main/dock');?>

Finally, in file Kalkun-devel\application\views\main\dock.php

<?php echo $this->session->userdata('username');?>
@tenzap
Copy link
Collaborator

tenzap commented Dec 27, 2022

Thank you. Would you please submit a pull request with a fix?
A suggestion on how to fix xss can be found here:
https://github.com/kalkun-sms/Kalkun/wiki/Developing#pull-request-checklist

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants