
When entering

<script>alert(1)</script>

The resulting HTML after submitting is

<form action="/action_page.php"  novalidate>
  E-mail: <input type="email"  Id="user_email">"<script>alert(1)</script>
  <input type="submit">
</form>

And the XSS is not triggered. If I replace the payload with

<img src=xss onerror=alert(1)>

XSS triggered! This XSS is happening with the id attribute in browsers.

So I want to know 2 things.

  1. If this is a vulnerability, then how can an attacker use it? I mean, what payload would be used, because the XSS is happening with the Id= attribute.

  2. If this is a vulnerability, how can I fix it?

I am a beginner. I will be happy if you guys answer my question.

Thanks.

1 Answer

  1. If this is a vulnerability, then how can an attacker use it? I mean, what payload would be used, because the XSS is happening with the Id= attribute.

It doesn't matter where the XSS happens; what matters is that an attacker is able to execute arbitrary JavaScript. XSS with a <script> tag is identical in impact to an XSS within an HTML attribute. In either case, the attacker can do things like:

  • load an external script that logs all key presses on the page
  • modify the look/behavior of the page to capture credentials
  • make requests as the authenticated user
  • send secret values in cookies to an attacker
  • and pretty much anything you can think to do with JavaScript

If you want a simple example, you can just take the payload you have that launches an alert and replace it with something like you'd find here: How do I include a JavaScript file in another JavaScript file? I think it's asking too much to come up with a working exploit for a page we can't test against, but you should get the idea.

  2. If this is a vulnerability, how can I fix it?

It sure sounds like a stored XSS vulnerability to me. There are many sources for preventing XSS in PHP. You can check out some of these Q&As:

I would also recommend you read this page: https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet

And finally, if possible, have someone with more security expertise review your code.

Gray