how to fix this vulnerability?
<input type=hidden name=target value="$$target$$">
Injection Code
Injection
<input type=hidden name=target value="https://test/ff5b27051cb9fatest" accesskey=x onclick=alert(document.location)"">
Asked
Active
Viewed 495 times
0
-
Does it answer your questions : https://stackoverflow.com/a/15940275/9368328 – Tony Stark Jun 18 '21 at 12:25
-
Yes @TonyStark. Explanation is fine. Could you please re-write this to fix vulnerability – Dinesh Jun 18 '21 at 12:32
-
What is the value for target? "$$target$$"?? and what is the use of it? – Tony Stark Jun 18 '21 at 12:58
-
target value from Url. – Dinesh Jun 18 '21 at 13:16
-
You can use HtmlSanitizer for .NET or encode the url – Tony Stark Jun 18 '21 at 13:23
-
this is my Url: https://test-live.com/testing/forms/Login&TARGET=-HM-https%3a%2f%2ftest.com%2ftest%2fLKSDFSLDFK . How to fix in my html code? – Dinesh Jun 18 '21 at 15:49
-
Please refer this: https://learn.microsoft.com/en-us/dotnet/api/system.web.httputility.urlencode?view=net-5.0 – Tony Stark Jun 18 '21 at 16:10
1 Answers
0
You are not encoding " characters. This allows the attacker to terminate your HTML attribute (value) and inject their own (onclick). As others have mentioned, you should use a trusted sanitizer, but the key vulnerability as you have shown is the failure to encode quotes.
ebuntu
- 151
- 1
- 8