DOM-based vulnerabilities

Shubhangi asked 3 years ago

Hello,

We are using a paid version of this product and found DOM-based vulnerabilities in it.

DOM-based vulnerabilities arise when a client-side script reads data from a controllable part of the DOM (for example, the URL) and processes this data in an unsafe way.

DOM-based cross-site scripting arises when a script writes controllable data into the HTML document in an unsafe way. An attacker may be able to use the vulnerability to construct a URL that, if visited by another application user, will cause JavaScript code supplied by the attacker to execute within the user’s browser in the context of that user’s session with the application.

For example:
Data is read from location.href and passed to the 'append()' function of jQuery via the following statements:

  •   grid_url=location.href.replace('form=add','')+"&grid_id="+grid_id;
  •   jQuery(el) .parent() …d_url+ "\");' />" )

in jqgrid_dist.php
Possible remediations:

  1. Alter the output builder function in jqgrid_dist.php to write the URL in the generated content rather than 'location.href'. jqgrid_dist.php outputs JavaScript that then generates the URL on the client side, rather than finalizing the element content on the server side.

Let us know if the latest version of this product has this fixed, or we would like to know a solution or a fix from your side.

Thanks and Regards


1 Answers
Abu Ghufran Staff answered 3 years ago

Thanks for reporting. Currently this feature to show the add form when the URL contains form=add is rarely used.

To avoid this vulnerability risk, you can simply remove these lines. Your suggestion to put a server-side generated URL is also doable, but it will need some more testing time.

Search: location.href.replace in jqgrid_dist.php
And remove this block of 2 lines, 3 occurrences in file:
if (…)

… location.href.replace ….

_________________________
Abu Ghufran - Dev Team
Grid 4 PHP Framework
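As an added example (not code from Grid 4 PHP or jqgrid_dist.php), the following reproduces the pattern the scanner flagged in the question above, an URL derived from location.href and concatenated into markup that jQuery .append() would insert, beside the hardened form the reporter proposed and the answer accepts: the server supplies the URL, the client never reads location.href, and the value is escaped for the attribute it lands in. The button markup, the openAddForm() handler name and the data-grid-url attribute are assumptions; only the grid_url construction mirrors the reported statement, and the hostile page URL at the bottom is constructed for the demonstration.

```javascript
// Added example, not code from Grid 4 PHP / jqgrid_dist.php. Reproduces the
// flagged pattern (URL from location.href spliced into markup) beside a
// hardened version. Button markup, openAddForm() and data-grid-url are assumed.

const ENTITY_MAP = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Escape a value for insertion into an HTML attribute value or text node.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (c) => ENTITY_MAP[c]);
}

// Mirrors the reported statement: the URL is taken from the page URL, which an
// attacker controls when they lure a user to a crafted link.
function buildGridUrl(href, gridId) {
  return href.replace('form=add', '') + '&grid_id=' + gridId;
}

// Vulnerable pattern: the untrusted URL is concatenated raw into an inline
// handler, so a double quote in href ends the JS string literal and whatever
// follows it runs in the victim's session once the markup is appended.
function unsafeButtonMarkup(href, gridId) {
  const gridUrl = buildGridUrl(href, gridId);
  return "<input type='button' onclick='openAddForm(\"" + gridUrl + "\");' />";
}

// Hardened pattern: serverGridUrl is rendered by the server (the reporter's
// remediation), the client never touches location.href, the value is escaped
// for the attribute context, and no inline handler is generated. In the
// browser a click listener attached with addEventListener would read
// el.dataset.gridUrl at run time; that part is omitted here since it needs a DOM.
function safeButtonMarkup(serverGridUrl, gridId) {
  const gridUrl = serverGridUrl + '&grid_id=' + encodeURIComponent(String(gridId));
  return "<input type='button' data-grid-url='" + escapeHtml(gridUrl) + "' />";
}

// Regression check a reviewer can keep in the test suite: the hardened markup
// must never contain a raw double quote, because the only place one could come
// from is unescaped input.
function countRawDoubleQuotes(markup) {
  return (markup.match(/"/g) || []).length;
}

// Constructed hostile page URL (not a real site): the value after x= closes the
// JS string inside the inline handler and appends its own statement.
const CONSTRUCTED_HREF = 'https://grid.example/list.php?form=add&x=");alert(1);("';

console.log('unsafe:', unsafeButtonMarkup(CONSTRUCTED_HREF, 7));
console.log('safe:  ', safeButtonMarkup(CONSTRUCTED_HREF, 7));
console.log('raw double quotes in safe markup:', countRawDoubleQuotes(safeButtonMarkup(CONSTRUCTED_HREF, 7)));
```

Run with node; the unsafe line shows the injected statement sitting outside the string literal, while the safe line shows every quote and ampersand entity-encoded. Feeding the hostile string into safeButtonMarkup is deliberate: a server-rendered URL should not contain it, but the escaping must hold even if it does.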