Fixing issues in XSSWithHtmlTagInjection Vulnerability

Open preetkaran20 opened this issue 2 years ago • 2 comments

Is your feature request related to a problem? Please describe.

The XSSWithHtmlTagInjection vulnerability is handled in the backend at: https://github.com/SasanLabs/VulnerableApp/blob/ed98eb0923893ea822761cca3e7d0969b0eb340d/src/main/java/org/sasanlabs/service/vulnerability/xss/reflected/UrlParamBasedHtmlTagInjection.java

It has the following issues:

  1. The class name doesn't match the vulnerability type, so it should be corrected to make the file easier to find.
  2. There is no secured implementation, so a secure implementation needs to be added. As there are very few levels in this vulnerability, please add more levels too if you are interested.
  3. Validate that the other levels are exploitable (exploitable payloads are present in the source code :) ).

Describe the solution you'd like

Fix the class name in https://github.com/SasanLabs/VulnerableApp/blob/ed98eb0923893ea822761cca3e7d0969b0eb340d/src/main/java/org/sasanlabs/service/vulnerability/xss/reflected/UrlParamBasedHtmlTagInjection.java and add the secured implementation. It will have annotation values similar to the above level; we just don't need the Attack vector, and Variant should be Secure in the VulnerableAppRequestMapping annotation.

Glimpse of the Vulnerability: image

preetkaran20, Sep 25 '21 14:09
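
An added example, not part of the issue thread or the VulnerableApp code base: a stand-alone Java sketch of how a secure level for this vulnerability differs from an unsecured one. The class and method names, the `<div>` wrapper and the sample parameter are assumptions made for illustration, and the project's annotations are left out.

```java
import java.util.LinkedHashMap;
import java.util.Map;

public class HtmlTagInjectionLevels {

    // Unsecured level (assumed shape): each query parameter value is copied
    // into the response body as-is, so markup in the value becomes markup.
    static String unsecuredLevel(Map<String, String> queryParams) {
        StringBuilder body = new StringBuilder();
        for (String value : queryParams.values()) {
            body.append("<div>").append(value).append("</div>");
        }
        return body.toString();
    }

    // Secure level: same response structure, but every value is HTML-escaped
    // first, so the browser renders it as text instead of parsing it as tags.
    static String secureLevel(Map<String, String> queryParams) {
        StringBuilder body = new StringBuilder();
        for (String value : queryParams.values()) {
            body.append("<div>").append(escapeHtml(value)).append("</div>");
        }
        return body.toString();
    }

    // Escapes the five characters that are significant in HTML element content
    // and quoted attribute values. '&' is handled like any other character,
    // so an already-escaped input is escaped again rather than trusted.
    static String escapeHtml(String input) {
        StringBuilder out = new StringBuilder(input.length() + 16);
        for (int i = 0; i < input.length(); i++) {
            char c = input.charAt(i);
            switch (c) {
                case '&': out.append("&amp;"); break;
                case '<': out.append("&lt;"); break;
                case '>': out.append("&gt;"); break;
                case '"': out.append("&quot;"); break;
                case '\'': out.append("&#x27;"); break;
                default: out.append(c);
            }
        }
        return out.toString();
    }

    public static void main(String[] args) {
        // Constructed sample input: harmless markup standing in for an injected tag.
        Map<String, String> params = new LinkedHashMap<>();
        params.put("value", "<b>injected</b> & \"quoted\"");
        System.out.println("unsecured: " + unsecuredLevel(params));
        System.out.println("secure:    " + secureLevel(params));
    }
}
```

Escaping of this kind covers values placed in HTML element content only. In a Spring project a maintained encoder such as `HtmlUtils.htmlEscape` or the OWASP Java Encoder's `Encode.forHtml` would normally replace the hand-written `escapeHtml`.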

Hello! I'm new to contributing and am looking to get my feet wet. Would it be alright if I submitted a PR for just the class name change? I'm currently reading about how to implement 2 and 3. Thanks for your time!

shammer0, Jun 30 '22 04:06

Hi @shammer0,

Yes, please go ahead and submit the PR. Also, please let me know if you need help understanding the 2nd and 3rd points.

Thanks, Karan

preetkaran20, Jun 30 '22 04:06