Reflected Cross-Site Scripting (XSS) in /admin/Add notice/add notice.php via $_SERVER['PHP_SELF']
Describe the bug
Multiple reflected Cross-Site Scripting (XSS) vulnerabilities exist in /admin/Add notice/add notice.php. The script echoes the unsanitized $_SERVER['PHP_SELF'] variable into the action attribute of two forms (line 122 and line 157). Because PHP_SELF reflects the request path, including any path segment appended after the script name, an attacker can inject arbitrary JavaScript through a crafted URL.
Steps to reproduce
- Log in to the admin panel using the preset admin account (username: admin, password: admin123).
- Access the following crafted URL in a browser (the vulnerable page is only accessible after login):
http://127.0.0.1:3000/admin/Add%20notice/add%20notice.php/"><script>alert('XSS')/script>
- The browser will execute the injected JavaScript and display an alert box with the text XSS, confirming the vulnerability.
The malicious code can be replaced with more harmful scripts (e.g., to steal cookies, perform phishing, or hijack the admin session).
Describe the solution
To fix this vulnerability, the action attribute should not directly output user-controllable input. Instead, use a hardcoded relative URL or properly sanitize the output.
Recommended fix:
- Replace <?php echo $_SERVER['PHP_SELF']; ?> with a static value, such as "" (post to the same page) or "add notice.php".
- If dynamic values are necessary, use htmlspecialchars() to encode the output:
<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8'); ?>
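As an added illustration (not code from the project or from this report), the PHP below places the vulnerable action attribute next to the two fixes recommended above. The request path assigned to $_SERVER['PHP_SELF'] is a constructed sample that mimics an appended path segment closing the attribute, and the function names are hypothetical:

```php
<?php
// Added example, not part of the project: compares the vulnerable form action
// with the two hardened variants proposed in the report.

// Constructed sample request path. PHP_SELF includes PATH_INFO, so a segment
// appended after the script name (here a harmless marker tag) is reflected
// verbatim; the double quote closes the attribute early.
$_SERVER['PHP_SELF'] = '/admin/Add notice/add notice.php/"><marker>';

// Vulnerable pattern (as in the report): raw PHP_SELF inside a quoted attribute.
function vulnerable_action(): string
{
    return '<form action="' . $_SERVER['PHP_SELF'] . '" method="post">';
}

// Fix 1 (preferred): a hardcoded target, so nothing request-controlled is emitted.
function fixed_action_static(): string
{
    return '<form action="add notice.php" method="post">';
}

// Fix 2: encode the value for an HTML attribute context. ENT_QUOTES encodes
// both " and ' so the attribute cannot be terminated, and < becomes &lt;.
function fixed_action_encoded(): string
{
    $safe = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8');
    return '<form action="' . $safe . '" method="post">';
}

echo "vulnerable: ", vulnerable_action(), PHP_EOL;
echo "static:     ", fixed_action_static(), PHP_EOL;
echo "encoded:    ", fixed_action_encoded(), PHP_EOL;
```

Running it shows the first line emitting a second tag inside the form markup while the encoded variant renders the same characters as inert text. Note that encoding alone does not remove the attacker-appended path segment from the attribute value, so the form would still post to a path that does not exist; $_SERVER['SCRIPT_NAME'] excludes PATH_INFO and is the better source when a dynamic value is truly needed, and it should still be encoded.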
Screenshots
