Describe the bug/issue
- Reflected Cross-Site Scripting (XSS) may allow an attacker to execute JavaScript code in the context of the victim’s browser.
To Reproduce
Steps to reproduce the behavior:
- Go to the following link: http://[server]/sync/dropbox/download?challenge=%3Cscript%3Ealert(1)%3C/script%3E
- Boom!
Where did the vulnerability occur?
The code below displays the user-controlled parameter `challenge` in application/controllers/dropbox.php with incorrect sanitization:

```php
echo $_GET['challenge'];
exit;
```
Source: JustWriting/application/controllers/dropbox.php, line 36 in 49731e0
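
A hardened form of the echo quoted in the report, as an added example that is not part of the original report or of the JustWriting code. It assumes the endpoint only needs to return the challenge value unchanged and that valid values are short URL-safe tokens; the function names and the allowlist pattern are hypothetical.

```php
<?php
declare(strict_types=1);

/**
 * Build the response for an echoed "challenge" value.
 * Returns [status, headers, body] so the logic can be checked without a web server.
 */
function challenge_response($raw): array
{
    $headers = [
        'Content-Type: text/plain; charset=utf-8', // body is never parsed as HTML
        'X-Content-Type-Options: nosniff',         // browser must not sniff it into HTML
    ];
    // ?challenge[]=x arrives as an array, so reject anything that is not a string.
    // Assumed allowlist: 1 to 128 URL-safe token characters.
    if (!is_string($raw) || preg_match('/\A[A-Za-z0-9_-]{1,128}\z/', $raw) !== 1) {
        return [400, $headers, 'invalid challenge'];
    }
    return [200, $headers, $raw];
}

/** If the value has to appear inside an HTML page instead, encode it for that context. */
function challenge_html(string $raw): string
{
    return htmlspecialchars($raw, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

if (PHP_SAPI !== 'cli') {
    // Web request: replaces `echo $_GET['challenge']; exit;`
    [$status, $headers, $body] = challenge_response($_GET['challenge'] ?? null);
    http_response_code($status);
    foreach ($headers as $h) {
        header($h);
    }
    echo $body;
    exit;
}

// Command-line demo on constructed inputs: the payload from the report,
// a benign token, and an array-typed parameter.
foreach (['<script>alert(1)</script>', 'abc123_-XYZ', ['x']] as $sample) {
    [$status, , $body] = challenge_response($sample);
    echo $status, ' ', $body, PHP_EOL;
}
echo challenge_html('<script>alert(1)</script>'), PHP_EOL;
```

Run from the command line, the demo rejects the reported payload and the array input with status 400, passes the benign token through with status 200, and prints the payload HTML-encoded on the last line.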