Description
The go-httpbin framework is vulnerable to XSS as the user can control the Response Content-Type from GET parameter. This allows attacker to execute cross site scripts in victims browser.
Affected URLs:
/response-headers?Content-Type=text/html&xss=%3Cimg/src/onerror=alert(%27xss%27)%3E/base64/PGltZy9zcmMvb25lcnJvcj1hbGVydCgneHNzJyk+?content-type=text/html/base64/decode/PGltZy9zcmMvb25lcnJvcj1hbGVydCgneHNzJyk+?content-type=text/html
Steps to reproduce:
- Visit one of the above mentioned URLs.
- XSS window will popup
Suggested fix
- Allow Only Safe Content-Type Values Or give users option to define whitelisted Content-Type headers
Criticality
The following can be major impacts of the issue:
- Access to victim's sensitive Personal Identifiable Information.
- Access to CSRF token
- Cookie injection
- Phishing
- And any other thing Javascript can perform
Description
The go-httpbin framework is vulnerable to XSS as the user can control the
Response Content-Typefrom GET parameter. This allows attacker to execute cross site scripts in victims browser.Affected URLs:
/response-headers?Content-Type=text/html&xss=%3Cimg/src/onerror=alert(%27xss%27)%3E/base64/PGltZy9zcmMvb25lcnJvcj1hbGVydCgneHNzJyk+?content-type=text/html/base64/decode/PGltZy9zcmMvb25lcnJvcj1hbGVydCgneHNzJyk+?content-type=text/htmlSteps to reproduce:
Suggested fix
Criticality
The following can be major impacts of the issue: