@enferas
Last active January 21, 2023 12:09
XSS Blog

CVE-2023-23019 has been assigned.

Link: https://www.sourcecodester.com/php/15441/blog-site-php-using-codeigniter-4-framework-free-source-code.html

15 XSS vulnerabilities.

For example, the user's name and email are stored in the DB without any validation or sanitization by user_add() in file ci4_blog\app\Controllers\Main.php.

$name, $email, and $type are created by extract() from $this->request->getPost(), so they come straight from the POST body:

public function user_add(){
    if($this->request->getMethod() == 'post'){
        // extract() turns every POST field into a local variable ($name, $email, $type, ...)
        extract($this->request->getPost());
        $udata= [];
        $udata['name'] = $name;   // attacker-controlled, stored as-is
        $udata['email'] = $email; // attacker-controlled, stored as-is
        $udata['type'] = $type;
        //...
        $save = $this->auth_model->save($udata);
        //...
    }
}

The users are then loaded from the DB and their stored values are printed in the list view.

In file ci4_blog\app\Controllers\Main.php

public function users(){
    //...
    $this->data['users'] = $this->auth_model->where("id != '{$this->session->login_id}'")->paginate($this->data['perPage']);
    //...
    return view('pages/users/list', $this->data);
}

Then in file ci4_blog\app\Views\pages\users\list.php

<?php foreach($users as $row): ?>
    <tr>
        <?php /* name and email are echoed with <?= ?> and never escaped, so stored HTML/JS executes in the browser */ ?>
        <td class="px-2 py-1 align-middle"><?= $row['name'] ?></td>
        <td class="px-2 py-1 align-middle"><?= $row['email'] ?></td>
    </tr>
<?php endforeach; ?>
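To make the sink concrete, here is an added example (not code from the blog project) that renders a constructed $users array through the original unescaped loop and through an escaped version of it. It uses htmlspecialchars() as a stand-in for CodeIgniter 4's esc() helper, which is not available outside the framework; the renderVulnerable/renderEscaped function names and the sample records are assumptions made for this illustration.

```php
<?php
// Added example (not from the project): the vulnerable view row next to an
// escaped version, rendered against a constructed $users array so the
// difference is visible without a database or the CodeIgniter runtime.

// Constructed sample data: the second record is what an attacker could have
// stored through user_add(), since name/email go straight from POST to DB.
$users = [
    ['name' => 'alice', 'email' => 'alice@example.com'],
    ['name'  => '<script>alert(document.cookie)</script>',
     'email' => '"><img src=x onerror=alert(1)>'],
];

// Stand-in for CodeIgniter 4's esc() helper (HTML context). Quotes are
// encoded too, so the same function is safe inside attribute values.
function escHtml(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Equivalent of the original list.php loop: raw <?= ?> output, no escaping.
function renderVulnerable(array $users): string
{
    $html = '';
    foreach ($users as $row) {
        $html .= "<tr>\n"
               . "    <td>{$row['name']}</td>\n"
               . "    <td>{$row['email']}</td>\n"
               . "</tr>\n";
    }
    return $html;
}

// Hardened loop: every value is escaped for the HTML context at output time.
function renderEscaped(array $users): string
{
    $html = '';
    foreach ($users as $row) {
        $html .= "<tr>\n"
               . '    <td>' . escHtml($row['name']) . "</td>\n"
               . '    <td>' . escHtml($row['email']) . "</td>\n"
               . "</tr>\n";
    }
    return $html;
}

// Simple check: the payload survives intact in the vulnerable output and
// is neutralised (no '<' or '>' left) in the escaped output.
function payloadIsNeutralised(array $users): bool
{
    $escaped = renderEscaped($users);
    return strpos(renderVulnerable($users), '<script>') !== false
        && strpos($escaped, '<script>') === false
        && strpos($escaped, 'onerror=') !== false   // text is preserved...
        && strpos($escaped, '"><img') === false;     // ...but cannot break out of the td

}

echo "--- vulnerable ---\n", renderVulnerable($users);
echo "--- escaped ---\n",    renderEscaped($users);
echo payloadIsNeutralised($users) ? "escaping works\n" : "escaping FAILED\n";
```

In the real view the fix is to change each `<?= $row['name'] ?>` to `<?= esc($row['name']) ?>` (and likewise for email and the other sinks). Escaping at the output point covers the stored data regardless of which controller wrote it, which matters here because user_add() accepts the POST fields without any filtering.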