XSS vulnerability

in #utopian-io, 6 years ago (edited)

Expected behavior

When clicking on links referring to steempayout.com, I don't expect any XSS vulnerabilities.

Actual behavior

There is the possibility to inject JavaScript into the site, and this means I can do whatever I want with the users clicking that link...

How to reproduce

Navigate to http://www.steempayout.com

Enter the username you want to check the payout for.

Manipulate the parameter within the URL to your needs...

Example:

http://www.steempayout.com/?username=snackaholic

to

https://steempayout.com/?username=%3Cscript%3Ealert(%22hallo%22)%3C/script%3E

  • Browser:
    Google Chrome Version 65.0.3325.181
  • Operating system: Windows 10

Recording Of The Bug

Screenshot of Google Chrome protecting the user:

[screenshot: image.png]

Screenshot of the malicious code that got injected to the site:
[screenshot: bad.png]



Posted on Utopian.io - Rewarding Open Source Contributors
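As an added illustration (not code from steempayout.com or from the upstream Steemit-Pending-Payouts-Checker-PHP repository, whose real templates are not shown in this thread), the following Node.js script models the reflection described in the reproduction steps: the `username` query parameter is decoded from the PoC URL above and placed into a page template once unchanged and once HTML-encoded. The template string, the function names and the `containsScriptTag` check are assumptions made for this demonstration only.

```javascript
// Added example: a minimal model of a page that reflects the ?username=
// query parameter into HTML. Not the site's real code; the template string
// and function names are assumptions for this demonstration.

// Extract the username the way a server sees it after URL decoding.
function usernameFromUrl(url) {
  const value = new URL(url).searchParams.get('username');
  return value === null ? '' : value;
}

// HTML-encode text for an element body or a double-quoted attribute value.
// This is the step the vulnerable page is missing for the reflected parameter.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Vulnerable rendering: the parameter is concatenated into the markup as-is,
// so a value containing <script> becomes live script in the visitor's browser.
function renderVulnerable(username) {
  return `<h1>Pending payouts for ${username}</h1>`;
}

// Hardened rendering: same template, but the value is encoded for the HTML
// body context before insertion, so it is displayed as text, not parsed as markup.
function renderHardened(username) {
  return `<h1>Pending payouts for ${escapeHtml(username)}</h1>`;
}

// Demonstration-only check: the template never emits a <script> tag itself,
// so one appearing in the output came from the attacker-controlled value.
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

// Proof-of-concept URL from the report above (the payload is a harmless alert()).
const POC_URL =
  'https://steempayout.com/?username=%3Cscript%3Ealert(%22hallo%22)%3C/script%3E';

// Run a URL's username value through both renderers and report what happened.
function demo(url = POC_URL) {
  const name = usernameFromUrl(url);
  const vulnerable = renderVulnerable(name);
  const hardened = renderHardened(name);
  return {
    decoded: name,
    vulnerable,
    hardened,
    vulnerableHasScript: containsScriptTag(vulnerable),
    hardenedHasScript: containsScriptTag(hardened),
  };
}

console.log(demo());
console.log(demo('http://www.steempayout.com/?username=snackaholic'));
```

In PHP, the equivalent of `escapeHtml` for the HTML body and attribute context is `htmlspecialchars($username, ENT_QUOTES, 'UTF-8')`. The encoding must match the context the value lands in: a value placed inside a JavaScript string, a URL, or an unquoted attribute needs a different encoder than the one shown here. A Content-Security-Policy header that disallows inline script is a useful second layer, but it does not replace output encoding.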


This particular contribution cannot be approved because the repository associated with this contribution doesn't accept issues. As per the Utopian Rules:

The repository on GitHub must accept issues.


Need help? Write a ticket on https://support.utopian.io.
Chat with us on Discord.

[utopian-moderator]

Hey, thanks for your feedback! Since this project is forked from here (oguzdelioglu/Steemit-Pending-Payouts-Checker-PHP) and this project allows issues, would it be possible to address it to that repository instead? I mean, this is a serious problem which should be fixed ASAP, since it is allowing third-party users to control the page for their needs...

Unfortunately, the other repository isn't valid because it doesn't have a license or a readme.

I would contact the project owner on Steem or Discord (if the project owner uses it). They may see it if you tag them in this post. It's a shame that they don't accept issues, as this may be useful to the project owner.

Thanks for your help, appreciate it!

@akintunde would you be so kind as to enable issues? It also brings the possibility to give you some feedback in the form of suggestions and so on.

Hello, I understand that there are XSS vulnerabilities, but it gives the hacker no advantage, as it gives you no access to the database, which does not really exist. All the data is gotten directly from the Steem blockchain. The vulnerability test will be checked, but it holds no threat.

"but it gives the hacker no advantage, as it gives you no access to the Database which does not really exist"

You are right that you cannot steal data from a database with this kind of attack, but there are tons of other possibilities to abuse that vulnerability.

Just a quick reference here of some possibilities bad people could use your site for, after a quick Google search.

Anyway, I'm glad to hear that you will fix that. Keep up the great work :)

I really do appreciate your work, as this will help me make steempayout.com better. I will work on that. It is just a simple tweak of the .htaccess and an appropriate 404 page.

That's a great solution, looking forward to seeing that live in action :)

As the Utopian mod stated above, you should allow issues for your project. It brings way more possibilities to contact you. I just posted under your Utopian post since there was no other way to inform you about this issue...

Also make sure to add a license and README, since the Utopian rules state them as necessary for a valid project.
