
Possible XSS vulnerability

Open · enferas opened this issue 4 years ago · 1 comment

Hello,

I would like to report an XSS vulnerability.

Vulnerability path

File Wechat.php

  • Line 58
public function serve(){
    // Source in this method
    $this->checkParams();
    // Sink in this method
    $this->accessAuth();
    return $this->getMessage();
}
  • Line 468
private function checkParams(){
    $this->signature = isset($_GET['signature']) && !empty($_GET['signature']) ? $_GET['signature'] : false;
    $this->timestamp = isset($_GET['timestamp']) && !empty($_GET['timestamp']) ? $_GET['timestamp'] : false;
    $this->nonce = isset($_GET['nonce']) && !empty($_GET['nonce']) ? $_GET['nonce'] : false;
    // The source: $_GET['echostr']
    $this->echostr = isset($_GET['echostr']) && !empty($_GET['echostr']) ? $_GET['echostr'] : false;
    $this->encrypt_type = isset($_GET['encrypt_type']) && !empty($_GET['encrypt_type']) ? $_GET['encrypt_type'] : false;
    $this->msg_signature = isset($_GET['msg_signature']) && !empty($_GET['msg_signature']) ? $_GET['msg_signature'] : false;
}
  • Line 500
private function accessAuth(){
    if ($this->echostr !== false) {
        if (! $this->checkSignature()) {
            @error_log('[wechat-php-sdk]accessAuth Error.', 0);
        }
        // The sink: echostr is reflected even when checkSignature() failed
        exit($this->echostr);
    }
}

enferas · Nov 11 '21 13:11
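The flow above has two problems that together make the reflection exploitable: a failed checkSignature() is only logged, so an unsigned request still reaches exit($this->echostr), and no Content-Type is set, so PHP's default of text/html lets a browser render whatever echostr contained. The following is an added example, not code from wechat-php-sdk, showing the same WeChat URL-verification handshake written to fail closed and to reflect echostr only as text/plain. The token value, the function names (wechatSignatureValid, verifiedEchostr, respondEchostr) and the allowlist pattern for echostr are assumptions made for the example; the signature algorithm (sha1 over the lexicographically sorted token, timestamp and nonce) is WeChat's documented one.

```php
<?php
// Added example, not part of wechat-php-sdk: hardened handling of the
// WeChat URL-verification request (GET ?signature&timestamp&nonce&echostr).
declare(strict_types=1);

// WeChat's server-side check: signature == sha1(sort([token, timestamp, nonce]) joined).
function wechatSignatureValid(string $token, string $signature, string $timestamp, string $nonce): bool
{
    $parts = [$token, $timestamp, $nonce];
    sort($parts, SORT_STRING);
    $expected = sha1(implode('', $parts));
    // Constant-time comparison so the check does not leak the token through timing.
    return hash_equals($expected, $signature);
}

// Returns the echostr that may be sent back, or null when the request must be
// rejected. Unlike the vulnerable accessAuth(), a signature mismatch is fatal
// here instead of merely being logged.
function verifiedEchostr(array $query, string $token): ?string
{
    foreach (['signature', 'timestamp', 'nonce', 'echostr'] as $k) {
        if (!isset($query[$k]) || !is_string($query[$k]) || $query[$k] === '') {
            return null;
        }
    }
    if (!wechatSignatureValid($token, $query['signature'], $query['timestamp'], $query['nonce'])) {
        return null;
    }
    // Defence in depth (assumption: WeChat's echostr is a short token made of
    // URL-safe characters). Anything outside that allowlist is never reflected.
    if (!preg_match('/^[A-Za-z0-9_-]{1,128}$/', $query['echostr'])) {
        return null;
    }
    return $query['echostr'];
}

// Drop-in replacement for the exit($this->echostr) sink.
function respondEchostr(array $query, string $token): void
{
    $echostr = verifiedEchostr($query, $token);
    header('Content-Type: text/plain; charset=utf-8'); // never text/html for a reflected value
    header('X-Content-Type-Options: nosniff');
    if ($echostr === null) {
        http_response_code(403);
        exit('forbidden');
    }
    exit($echostr);
}

// Self-check when run from the command line, on constructed sample requests.
if (PHP_SAPI === 'cli') {
    $token = 'example-token';          // constructed; in production this is the app's configured token
    $timestamp = '1636636800';
    $nonce = 'abc123';
    $parts = [$token, $timestamp, $nonce];
    sort($parts, SORT_STRING);
    $good = [
        'signature' => sha1(implode('', $parts)),
        'timestamp' => $timestamp,
        'nonce'     => $nonce,
        'echostr'   => '7392016433859084011',
    ];
    var_dump(verifiedEchostr($good, $token));   // accepted: the echostr is returned

    $xss = $good;
    $xss['echostr'] = '<script>alert(1)</script>';  // attacker-controlled value
    var_dump(verifiedEchostr($xss, $token));    // rejected by the allowlist even though the signature is valid

    $forged = $good;
    $forged['signature'] = str_repeat('0', 40); // attacker cannot compute the signature without the token
    var_dump(verifiedEchostr($forged, $token)); // rejected: signature mismatch
}
```

In the real handler the three query values come from $_GET, and $token is the value configured for the account. The text/plain header is what removes the XSS; the signature check being fatal is what stops an unauthenticated client from reaching the reflection in the first place, and the allowlist only limits the damage if either of the other two is ever regressed.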

CVE-2021-43678 is assigned for this report.

wechat-php-sdk v1.10.2 is affected by a Cross-Site Scripting (XSS) vulnerability in Wechat.php.

enferas · Dec 08 '21 17:12