divinity76 d9cd81508b patch XSS vulnerability (#358) ...

the powergamers page was vulnerable to XSS/javascript injection, this should fix it.

XSS screenshot: https://i.imgur.com/4rJuWqY.png
XSS POC:

<form action="https://<censored>/powergamers.php" method="POST">
<input type="hidden" name="days[]" value="3" />
<input type="hidden" name="days[]" value="1&lt;script&gt;alert(&quot;XSS running!&quot;);&lt;/script&gt;" />
<input type="submit" value="click here to start xss" />
</form>

2019-04-19 21:23:57 +02:00

5.6 KiB

Raw Blame History

View Raw