Reflected XSS at /lgsl_files/lgsl_list.php
Description:
Vulnerability: A reflected XSS vulnerability exists in the Referer HTTP header of LGSL v6.2.1. The vulnerability allows attackers to inject arbitrary JavaScript code, which is reflected in the HTML response without proper sanitization.
When crafted malicious input is provided in the Referer header, it is echoed back into an HTML attribute in the application’s response.
The vulnerability is present at Line 20-24
$uri = $_SERVER['REQUEST_URI'];
if ($lgsl_config['preloader']) {
$uri = $_SERVER['HTTP_REFERER'];
}Proof of Concept:
- Capture a request to the path
/lgsl_files/lgsl_list.php.
- Inject the following payload into the Referer header:
test'><script>alert(1)</script><.
- Send the request.
- The XSS payload is triggered when reloading.
Impact:
Execution of Malicious Code
tCu0n9 Reporter
Reflected XSS at /lgsl_files/lgsl_list.php
Description:
Vulnerability: A reflected XSS vulnerability exists in the
RefererHTTP header of LGSL v6.2.1. The vulnerability allows attackers to inject arbitrary JavaScript code, which is reflected in the HTML response without proper sanitization.When crafted malicious input is provided in the
Refererheader, it is echoed back into an HTML attribute in the application’s response.The vulnerability is present at Line 20-24
Proof of Concept:
/lgsl_files/lgsl_list.php.test'><script>alert(1)</script><.Impact:
Execution of Malicious Code