ACE file-upload.php contains XSS #1

@chengchong010

Code:

if ($ajax) {
    // if request was ajax (modern browser), just echo it back
    echo $result;
}
else {
    // if request was from an older browser not supporting ajax upload
    // then we have used an iframe instead and the response is sent back to the iframe as a script
    echo '<script language="javascript" type="text/javascript">';
    echo 'window.top.window.jQuery("#'.$_POST['temporary-iframe-id'].'").data("deferrer").resolve('.$result.');';
    echo '</script>';
}

Description:
echo 'window.top.window.jQuery("#'.$_POST['temporary-iframe-id'].'").data("deferrer").resolve('.$result.');';

When the value of $_POST['temporary-iframe-id'] is 'cc");alert(3);windows.top.window.jQuery("#cc', it will cause XSS.

Advice:
Check $_POST['temporary-iframe-id'] precisely.
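
One way to apply the advice above, as an added example that is not part of the original issue or the ACE code base: the iframe id is checked against an allow-list and both values are emitted as JSON literals with HTML-significant characters hex-escaped. The names `iframe_response` and `JS_SAFE`, the id character set and the array-typed `$result` are assumptions.

```php
<?php
// Added example, not ACE's own code. Requires PHP 7.3+ (JSON_THROW_ON_ERROR).
// Assumption: legitimate iframe ids use only letters, digits, '-' and '_'.

// Hex-escape <, >, &, ' and " inside JSON strings so the output cannot
// close the surrounding string literal or the <script> element.
const JS_SAFE = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT
              | JSON_THROW_ON_ERROR;

function iframe_response(string $iframeId, array $result): string
{
    // Allow-list validation: anything that is not a plain element id is
    // rejected outright instead of being "cleaned".
    if (preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $iframeId) !== 1) {
        throw new InvalidArgumentException('invalid temporary-iframe-id');
    }

    // Defence in depth: never concatenate raw input into JavaScript.
    // json_encode() produces a complete, correctly quoted JS literal.
    $selector = json_encode('#' . $iframeId, JS_SAFE);
    $payload  = json_encode($result, JS_SAFE);

    return '<script>window.top.window.jQuery(' . $selector
         . ').data("deferrer").resolve(' . $payload . ');</script>';
}

// Constructed inputs: one well-formed id, and the value quoted in the report.
$inputs = [
    'upload-frame-17',
    'cc");alert(3);windows.top.window.jQuery("#cc',
];

foreach ($inputs as $id) {
    try {
        // In the real handler, first confirm the POST field is a string:
        // is_string($_POST['temporary-iframe-id'] ?? null)
        echo iframe_response($id, ['status' => 'OK']), PHP_EOL;
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', $e->getMessage(), PHP_EOL;
    }
}
```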
