QingScan Reflected Cross-Site Scripting Vulnerability

Vulnerability

A reflected Cross-Site Scripting (XSS) vulnerability has been identified in QingScan versions through 1.8.0. The issue resides in the `/webscan/sqlmap/index.html` endpoint, where improper input sanitization of the `dasta` query parameter allows attackers to inject malicious JavaScript payloads. When a victim accesses a crafted URL with the injected payload, the script executes in the context of the victim's browser.

Impact

Exploitation of this vulnerability allows for the execution of arbitrary JavaScript in the victim's browser. This could lead to session hijacking, unauthorized actions on behalf of the user, data exfiltration, or phishing attacks.

Reproduction

To reproduce this vulnerability, disable URL encoding in an HTTP client such as Postman, then send a GET request to the vulnerable endpoint with a payload injected into the `dasta` query parameter. The payload is reflected in the DOM without proper encoding, so the JavaScript executes when the corresponding HTML element is interacted with.

Remediation

To address this vulnerability, input should be properly sanitized before being rendered in HTML. Implement output encoding for special characters and enforce URL encoding for incoming requests. Additionally, a strict Content Security Policy (CSP) should be applied to mitigate script execution.
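
The output-encoding and CSP measures above, sketched as an added example that is not QingScan's own code. The page does not show the vulnerable markup, so the `<input>` template, the function names and the harmless sample value are assumptions made for illustration.

```python
import html
import secrets
from html.parser import HTMLParser

# Assumed template: the page does not show QingScan's markup, so an <input>
# that echoes the query parameter into an attribute stands in for it.
TEMPLATE = '<input type="text" name="dasta" value="{value}">'

def render_unsafe(param: str) -> str:
    """The flawed pattern: raw request data interpolated into HTML."""
    return TEMPLATE.format(value=param)

def render_encoded(param: str) -> str:
    """Output encoding: &, <, >, " and ' become character references."""
    return TEMPLATE.format(value=html.escape(param, quote=True))

class _AttrCollector(HTMLParser):
    """Records the tag name and attributes of every start tag parsed."""
    def __init__(self):
        super().__init__()
        self.tags = []
    def handle_starttag(self, tag, attrs):
        self.tags.append((tag, dict(attrs)))

def is_contained(markup: str, param: str) -> bool:
    """True when the markup parses to exactly one <input> carrying only
    type, name and value, and the decoded value equals the raw input."""
    collector = _AttrCollector()
    collector.feed(markup)
    collector.close()
    if len(collector.tags) != 1 or collector.tags[0][0] != "input":
        return False
    attrs = collector.tags[0][1]
    return set(attrs) == {"type", "name", "value"} and attrs["value"] == param

def new_nonce() -> str:
    """Fresh per-response nonce for the scripts the page itself ships."""
    return secrets.token_urlsafe(16)

def csp_header(nonce: str) -> tuple:
    """Policy with no 'unsafe-inline': inline handlers and un-nonced scripts are refused."""
    return ("Content-Security-Policy",
            f"default-src 'self'; script-src 'self' 'nonce-{nonce}'; "
            "object-src 'none'; base-uri 'none'")

# Constructed sample input: harmless, but it contains the double quote that
# lets an unencoded value close the attribute and add one of its own.
SAMPLE = 'x" data-injected="1'
```

`is_contained(render_unsafe(SAMPLE), SAMPLE)` is false because the parser sees an extra attribute, while the encoded rendering keeps the whole input inside `value`; the same check works as a regression test for any template that reflects request data.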

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 1.7
exploitability: 5.8
remediation: 0.0
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.