Description
Reflected XSS in go-httpbin due to unrestricted client control over Content-Type
Description
The go-httpbin framework is vulnerable to reflected XSS because a client can set the response Content-Type from a GET parameter while the same request controls the response body. A Content-Type of text/html makes the browser render the reflected payload as markup, allowing an attacker to execute cross-site scripts in the victim's browser.
Affected URLs:
- /response-headers?Content-Type=text/html&xss=%3Cimg/src/onerror=alert(%27xss%27)%3E
- /base64/PGltZy9zcmMvb25lcnJvcj1hbGVydCgneHNzJyk+?content-type=text/html
- /base64/decode/PGltZy9zcmMvb25lcnJvcj1hbGVydCgneHNzJyk+?content-type=text/html
Steps to reproduce:
- Visit one of the URLs listed above in a browser.
- An alert dialog pops up, demonstrating that the reflected payload was executed as script.
Suggested fix
- Allow only safe Content-Type values, or give operators an option to define an allowlist of permitted Content-Type headers.
</gre_replace_placeholder_never_used>
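The pattern described above and the suggested allowlist fix, as an added illustration that is not go-httpbin's own code: `vulnerableHandler` reflects a query parameter with whatever Content-Type the client requested (the `/base64` endpoints follow the same shape, only the body source differs), and `hardenedHandler` canonicalises the requested media type with `mime.ParseMediaType`, keeps it only if it is on an assumed allowlist (`safeTypes` is an example list, not the project's), falls back to text/plain otherwise, and adds `X-Content-Type-Options: nosniff` so the browser cannot promote the body to HTML by sniffing. The parameter names and the `serve` helper are assumptions for the demonstration.

```go
package main

import (
	"fmt"
	"io"
	"mime"
	"net/http"
	"net/http/httptest"
	"strings"
)

// safeTypes is an assumed allowlist for the hardened handler; it is an
// illustration, not go-httpbin's own configuration.
var safeTypes = map[string]bool{
	"text/plain":               true,
	"application/json":         true,
	"application/octet-stream": true,
}

// vulnerableHandler reproduces the reported pattern: the client chooses the
// response Content-Type and the reflected body is written verbatim, so
// content-type=text/html turns the echoed parameter into executable markup.
func vulnerableHandler(w http.ResponseWriter, r *http.Request) {
	q := r.URL.Query()
	if ct := q.Get("content-type"); ct != "" {
		w.Header().Set("Content-Type", ct)
	}
	io.WriteString(w, q.Get("xss"))
}

// safeContentType canonicalises a client-supplied media type and keeps it
// only if it is allowlisted; anything else (HTML, SVG, XML, garbage) falls
// back to text/plain so a reflected body can never be rendered as markup.
func safeContentType(requested string) string {
	mediaType, _, err := mime.ParseMediaType(requested)
	if err != nil || !safeTypes[strings.ToLower(mediaType)] {
		return "text/plain; charset=utf-8"
	}
	return mediaType
}

// hardenedHandler applies the allowlist and adds nosniff so the browser
// cannot second-guess the declared type.
func hardenedHandler(w http.ResponseWriter, r *http.Request) {
	q := r.URL.Query()
	w.Header().Set("Content-Type", safeContentType(q.Get("content-type")))
	w.Header().Set("X-Content-Type-Options", "nosniff")
	io.WriteString(w, q.Get("xss"))
}

// serve runs a handler against a GET request for target and returns the
// response Content-Type and body, so both variants can be compared offline.
func serve(h http.HandlerFunc, target string) (contentType, body string) {
	rr := httptest.NewRecorder()
	h(rr, httptest.NewRequest(http.MethodGet, target, nil))
	res := rr.Result()
	b, _ := io.ReadAll(res.Body)
	return res.Header.Get("Content-Type"), string(b)
}

func main() {
	// Constructed request mirroring the advisory's reproduction URL.
	target := "/response-headers?content-type=text/html&xss=%3Cimg/src/onerror=alert(%27xss%27)%3E"
	handlers := map[string]http.HandlerFunc{
		"vulnerable": vulnerableHandler,
		"hardened":   hardenedHandler,
	}
	for name, h := range handlers {
		ct, body := serve(h, target)
		fmt.Printf("%-10s Content-Type=%q body=%q\n", name, ct, body)
	}
}
```

The body is still reflected in the hardened variant; the point of the fix is that text/plain plus nosniff is inert in the browser, whereas any handler that lets a client pick text/html (or image/svg+xml, which also carries script) for a body it also controls is a reflected XSS regardless of how the body is encoded.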
Criticality
The following are possible impacts of the issue:
- Access to the victim's sensitive personally identifiable information.
- Access to CSRF tokens.
- Cookie injection.
- Phishing.
- Anything else JavaScript can do in the victim's browser.
Packages
Name
github.com/mccutchen/go-httpbin
go
Affected versions: < 2.18.0
Fixed version: 2.18.0
Name
github.com/mccutchen/go-httpbin/v2
go
Affected versions: < 2.18.0
Fixed version: 2.18.0
Related vulnerabilities
CVSS3: 6.1
nvd
about 1 month ago
A cross-site scripting (XSS) vulnerability in mccutchen httpbin v2.17.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.