OrdylanNote

DOM XSS

Open royblume opened this issue 1 year ago • 1 comments

A DOM-based Cross-Site Scripting (XSS) vulnerability exists on line 1 of papers.php. The application dynamically includes unsanitized user-supplied input ($_GET["id"]) into the JavaScript context of an onclick attribute. An attacker can exploit this flaw by crafting a malicious URL that injects arbitrary JavaScript, which is then executed in the context of a user's browser. This vulnerability allows attackers to steal cookies, hijack user sessions, access local storage, or perform other malicious actions on behalf of the user.

Vulnerable code: AddHRAD('[试卷厅]橙鸭笔记系统V2','试卷厅_橙鸭笔记系统[首页]',' href="javascript:void(0);" onclick="changepage(\'odback\',localStorage.ON_LastPath + \'#notee_'.$_GET["id"].'\');"',"","");?>

POC: http://[DOMAIN]/OrdylanNote-main/papers.php?id=%22%3E%3Cscript%3Ealert(%27DOM%20XSS%27)%3C/script%3E

royblume, Dec 24 '24 21:12

It's true! Thanks for your issue, I will fix it some days later.

ordylan, Dec 24 '24 13:12
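One way to close the sink reported in this issue, as an added example that is not part of the thread and not OrdylanNote's own code: validate `$_GET["id"]` against an allow-list, then encode it for both nested contexts (a JavaScript string literal inside an HTML attribute). The helper names `note_id_or_null` and `back_link_attrs` and the alphanumeric id format are assumptions; the resulting string is meant to be passed to `AddHRAD()` in the same argument position as in the reported snippet.

```php
<?php
// Added example, not OrdylanNote's code. Assumption: note ids are short
// alphanumeric tokens; adjust the allow-list to the real id format.

/** Return the id if it matches the allow-list, otherwise null. */
function note_id_or_null($raw): ?string
{
    if (!is_string($raw) || !preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $raw)) {
        return null;
    }
    return $raw;
}

/**
 * Build the href/onclick attribute string for the "back" link.
 * Two contexts are nested here: a JS string literal inside an HTML
 * attribute, so encode for JavaScript first and for HTML second.
 */
function back_link_attrs(string $fragment): string
{
    // JSON_HEX_* emits < > & ' " as \u00XX escapes, so the value cannot
    // terminate the string literal, the attribute or the tag.
    $js = json_encode(
        $fragment,
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT
            | JSON_INVALID_UTF8_SUBSTITUTE
    );
    $onclick = "changepage('odback',localStorage.ON_LastPath + $js);";
    return ' href="javascript:void(0);" onclick="'
        . htmlspecialchars($onclick, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '"';
}

// Constructed sample inputs: a plain id and the decoded payload from the PoC.
$samples = ['42', '"><script>alert(\'DOM XSS\')</script>'];
foreach ($samples as $raw) {
    $id = note_id_or_null($raw);
    // A rejected id falls back to a link without a fragment.
    $attrs = back_link_attrs($id === null ? '' : '#notee_' . $id);
    echo ($id === null ? 'rejected' : 'accepted'), ': ', $attrs, PHP_EOL;
    // Encoding alone, with validation skipped, to show the payload stays inert.
    echo 'encoded only: ', back_link_attrs('#notee_' . $raw), PHP_EOL;
}
```

Either layer on its own stops the reported payload; keeping both means a later change to the id format does not silently reopen the sink.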