XSS vulnerability

Discussion in 'General Support' started by chluo, Aug 21, 2021.

  1. chluo

    chluo New Member

    Joined:
    Aug 21, 2021
    Messages:
    2
    Likes Received:
    1
    Hi, we found an XSS vulnerability via the theme parameter to admin/theme.php

    Details:
    $fh = fopen($theme_root . $_POST['theme'] . '/' . $filename, 'w') or die("can't open file " . $theme_root . $_POST['theme'] . '/' . $filename);
    The $_POST variable is used as an argument to the die() function. When fopen fails, attackers can perform an XSS attack (see attachment).
     

  2. Nootkan

    Nootkan New Member

    Joined:
    Sep 7, 2018
    Messages:
    27
    Likes Received:
    0
    As it seems no one is supporting this script any more, could you provide the solution? Much appreciated.
     
  3. chluo

    It is recommended to use htmlspecialchars to sanitize the $_POST variable.
    $fh = fopen($theme_root . $_POST['theme'] . '/' . $filename, 'w') or die("can't open file " . $theme_root . htmlspecialchars($_POST['theme']) . '/' . $filename);
     
    Nootkan likes this.
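
The fix suggested above, extended as an added example (not code from the script or from either poster): it escapes the whole error message at output and, going beyond the post, checks the theme value against the directories under $theme_root before it reaches fopen. The function names, the theme-name pattern and the sample values are assumptions.

```php
<?php
// Added example, not the script's own code. The theme-name pattern, function
// names and sample values are assumptions made for illustration.

// Escape for HTML text and quoted-attribute contexts.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Accept only a plain directory name that exists directly under $theme_root.
function valid_theme(string $theme_root, $theme): ?string
{
    if (!is_string($theme) || !preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $theme)) {
        return null;
    }
    return is_dir($theme_root . $theme) ? $theme : null;
}

// Returns [handle, null] on success or [null, html_safe_error] on failure,
// so the caller decides how to end the request instead of die() echoing input.
function open_theme_file(string $theme_root, $theme, string $filename): array
{
    $name = valid_theme($theme_root, $theme);
    if ($name === null) {
        // The raw value may be an array or contain markup: escape before echoing.
        $shown = is_string($theme) ? $theme : '(invalid)';
        return [null, 'unknown theme ' . h($shown)];
    }
    $path = $theme_root . $name . '/' . $filename;
    $fh = @fopen($path, 'w');
    if ($fh === false) {
        return [null, "can't open file " . h($path)];
    }
    return [$fh, null];
}

// Constructed input: one theme value carrying markup, one valid theme name.
$theme_root = sys_get_temp_dir() . '/themes/';
@mkdir($theme_root . 'default', 0700, true);
$_POST['theme'] = '<b>x</b>';

[$fh, $err] = open_theme_file($theme_root, $_POST['theme'], 'style.css');
echo $err ?? 'opened', "\n";

[$fh, $err] = open_theme_file($theme_root, 'default', 'style.css');
echo $err ?? 'opened', "\n";
if ($fh) { fclose($fh); }
```

Escaping the assembled message rather than one component also covers $theme_root and $filename, whose origin the thread does not show.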
  4. Nootkan

    Wow, you're awesome! Thanks very much!
     
