Description Preview
A Cross-Site Scripting (XSS) vulnerability has been identified in Workerman-ThinkPHP-Redis (last updated March 16, 2018). The vulnerability exists in the Controller.class.php file, where the exit function terminates script execution and prints a message to the user. This message incorporates user-controlled input from $_GET[C('VAR_JSONP_HANDLER')], which is not properly sanitized before being displayed to users. Attackers can exploit this vulnerability by crafting malicious URLs containing JavaScript code that will be executed in the victim's browser when they visit the affected page.
Overview
The vulnerability (CVE-2021-43697) is a reflected Cross-Site Scripting (XSS) issue in Workerman-ThinkPHP-Redis, categorized as CWE-79. The framework fails to properly validate and sanitize user input from the JSONP handler parameter before including it in the response. When the exit function is called in Controller.class.php, it outputs the value of the JSONP handler parameter directly to the page. This allows attackers to inject arbitrary JavaScript code that executes in the context of the victim's browser, potentially leading to cookie theft, session hijacking, credential harvesting, or other client-side attacks.
Remediation
To remediate this vulnerability, implement the following measures:
- Update to a patched version of Workerman-ThinkPHP-Redis if available.
- If no update is available, modify the Controller.class.php file to properly sanitize the JSONP handler parameter using appropriate output encoding functions.
- Implement Content Security Policy (CSP) headers to help mitigate the impact of XSS attacks.
- Consider implementing input validation to restrict the JSONP handler parameter to only allow expected values.
- Apply the principle of least privilege by limiting what the application can do with user-supplied data.
- Regularly audit and test your code for similar security vulnerabilities.
References
- GitHub Issue and Advisory: https://github.com/happyliu2014/Workerman-ThinkPHP-Redis/issues/1
- CWE-79 (Cross-site Scripting): https://cwe.mitre.org/data/definitions/79.html
- OWASP XSS Prevention Cheat Sheet: https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html
Industry ExposureMost to leastThis section illustrates the prevalence of a specific Common Vulnerabilities and Exposures (CVE) across various industries based on customer reports. The ranking displays industries from the most to least affected by this particular vulnerability, offering valuable insight into where this CVE has been most frequently observed. This information can help organizations within these sectors prioritize their security efforts, understand their relative risk exposure compared to their peers, and focus remediation strategies where they are most needed. By understanding the industry-specific impact, organizations can make more informed decisions regarding patching, resource allocation, and overall risk management related to this CVE.
This section illustrates the prevalence of a specific Common Vulnerabilities and Exposures (CVE) across various industries based on customer reports. The ranking displays industries from the most to least affected by this particular vulnerability, offering valuable insight into where this CVE has been most frequently observed. This information can help organizations within these sectors prioritize their security efforts, understand their relative risk exposure compared to their peers, and focus remediation strategies where they are most needed. By understanding the industry-specific impact, organizations can make more informed decisions regarding patching, resource allocation, and overall risk management related to this CVE.
- Accommodation & Food ServicesAccommodation & Food Services
- Administrative, Support, Waste Management & Remediation ServicesAdministrative, Support, Waste Management & Remediation Services
- Agriculture, Forestry Fishing & HuntingAgriculture, Forestry Fishing & Hunting
- Arts, Entertainment & RecreationArts, Entertainment & Recreation
- ConstructionConstruction
- Educational ServicesEducational Services
- Finance and InsuranceFinance and Insurance
- Health Care & Social AssistanceHealth Care & Social Assistance
- InformationInformation
- Management of Companies & EnterprisesManagement of Companies & Enterprises
- ManufacturingManufacturing
- MiningMining
- Other Services (except Public Administration)Other Services (except Public Administration)
- Professional, Scientific, & Technical ServicesProfessional, Scientific, & Technical Services
- Public AdministrationPublic Administration
- Real Estate Rental & LeasingReal Estate Rental & Leasing
- Retail TradeRetail Trade
- Transportation & WarehousingTransportation & Warehousing
- UtilitiesUtilities
- Wholesale TradeWholesale Trade
