[SEC-005] Injection - XSS Vulnerability In Song
Description
String fields of a song that can be entered by the user are not sanitized, so XSS is possible. For example, if a user creates a song with the title:
Aku Kamu <img src="f" onerror="alert(1)"/>
it is saved in plaintext, and whenever the song title is rendered, for example on the homepage or the detail page, the tag is interpreted as HTML. Since the image 'f' is not found, the onerror script runs. In the grander scheme, an attacker can use this to steal cookies: the script placed in the onerror attribute only needs to send the cookie to the attacker's site.
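The fix for this class of bug is to escape user-controlled strings at output time, so a title like the one above is shown as literal text rather than parsed as markup. The following is an added example, not code from the original report or from the application itself; it assumes the pages are built by server-side string templating, and the function names (escapeHtml, renderSongCard, renderEditForm) are hypothetical.

```javascript
// Added example (not part of the original report): escape every
// user-controlled string before it is placed into HTML. Assumed:
// server-side string templating; all function names are hypothetical.

// Characters that can break out of text content or an attribute value.
const HTML_ESCAPES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#39;',
};

// Replace each structural character with its HTML entity.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Song card as shown on the homepage, detail page and search results,
// with each user string escaped at the point of output.
function renderSongCard(song) {
  return (
    '<div class="song">' +
    `<h2>${escapeHtml(song.title)}</h2>` +
    `<p>${escapeHtml(song.artist)}</p>` +
    '</div>'
  );
}

// Edit form (the /lagu/:id/edit case): the title lands inside a quoted
// attribute, so escaping the quotes is what keeps it inside the value.
function renderEditForm(song) {
  return (
    '<form method="post">' +
    `<input name="title" value="${escapeHtml(song.title)}">` +
    '</form>'
  );
}

// Check that nothing from the user strings survived as raw markup:
// strip the template's own fixed tags, then look for '<' or '>'.
function outputIsInert(html) {
  const userPortion = html.replace(/<\/?(div|h2|p|form|input)\b[^>]*>/g, '');
  return !/[<>]/.test(userPortion);
}

// Constructed sample using the title from the report.
const sampleSong = {
  title: 'Aku Kamu <img src="f" onerror="alert(1)"/>',
  artist: 'Contoh Artis',
};

console.log(renderSongCard(sampleSong));
console.log(renderEditForm(sampleSong));
console.log('inert:', outputIsInert(renderSongCard(sampleSong)));
```

Storing the title in plaintext is fine; the defect is rendering it without escaping. Most template engines do this by default when the auto-escaping output syntax is used, so the audit is to find every place a song field is emitted with a "raw" or "unescaped" helper. Independently, marking the admin session cookie HttpOnly limits what a script that does run can read.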
Severity
This bug has severity CRITICAL, since the attacker can steal the admin's cookie.
Affected URL
Any URL that can show individual song data, such as:
- /
- /lagu/:id, where :id is the id of the song containing the payload, including /lagu/:id/edit
- /search, whenever a song containing the payload is shown
Attachment
Edited by Fawwaz Anugrah Wiradhika Dharmasatya