Description
Hello:
I found a Reflected XSS vulnerability in this SDK.
The vulnerability exists due to insufficient filtration of user-supplied data in the “token_secret” HTTP REQUEST parameter that will be passed to “restapi-php-sdk-master\Immocaster\Oauth\example\client.php”. The infected source code is line 7; there is no protection on $_REQUEST['token_secret'].

If $_REQUEST['token_secret'] contains evil JS code, line 102 will trigger untrusted code to be executed on the browser side.

So if an attacker constructs a special URL as follows and sends it to a victim, when the victim clicks the URL, the code which is contained in the URL will be executed on the victim's browser side to do some evil.
http://your-web-root/restapi-php-sdk-master/Immocaster/Oauth/example/client.php?token_secret="><script>alert(1)
The following screenshot is the result of clicking the URL above (Win7 SP1 x64 + Firefox 51.0.1 32-bit):
Discoverer: ADLab of Venustech
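
The pattern the report describes (a request parameter read without filtering and later written into the page), next to an output-escaped version. This is an added example, not the SDK's code: the function names and the `<input>` markup are assumptions, since the page does not show the contents of client.php.

```php
<?php
// Added example: hypothetical stand-in for the flow described in the report.
// The SDK's real client.php is not reproduced on this page.

/** Vulnerable pattern: request value written into an HTML attribute unescaped. */
function render_unsafe(array $request): string
{
    $secret = $request['token_secret'] ?? '';
    // A double quote in $secret closes the attribute, and '>' closes the tag.
    return '<input type="text" name="token_secret" value="' . $secret . '">';
}

/** Hardened pattern: escape for the HTML attribute context at output time. */
function render_safe(array $request): string
{
    $secret = $request['token_secret'] ?? '';
    if (!is_string($secret)) {
        // ?token_secret[]=x arrives as an array; treat it as empty.
        $secret = '';
    }
    // ENT_QUOTES encodes both quote styles; ENT_SUBSTITUTE replaces invalid
    // UTF-8 sequences instead of returning an empty string.
    $escaped = htmlspecialchars($secret, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="text" name="token_secret" value="' . $escaped . '">';
}

// Constructed input mirroring the query string quoted in the report.
$request = ['token_secret' => '"><script>alert(1)'];

echo render_unsafe($request), PHP_EOL; // markup is broken out of the attribute
echo render_safe($request), PHP_EOL;   // value stays inside the attribute as text
```

Escaping belongs at the point of output (line 102 in the report's numbering), so every later use of the value in HTML goes through the same call.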
