SourceCodester Modern Image Gallery App Cross-Site Scripting Vulnerability in Upload.php

Vulnerability

A stored cross-site scripting vulnerability has been identified in version 1.0 of the SourceCodester Modern Image Gallery App. The issue resides in the upload.php file, where the application fails to properly validate and encode user input supplied through the filename parameter and the file content. This lack of sanitization allows attackers to inject and execute malicious scripts, potentially compromising user sessions and sensitive information. The vulnerability can be exploited remotely and requires user interaction.

Impact

Exploitation of this vulnerability allows for the execution of injected scripts in the context of the user's browser session, leading to session hijacking, unauthorized actions on behalf of the user, phishing attacks, website defacement, and redirection to malicious sites.

Reproduction

To reproduce this vulnerability, upload a file through the application's upload feature. Intercept the upload request, modify the filename to include a .html extension, and inject a script payload, such as a simple alert script, into the file content. Complete the upload process and the injected script will execute in the context of the user's session.

Remediation

It is recommended to implement proper input validation and output encoding for user-supplied data before rendering it in the application. Additionally, consider using a Content Security Policy to restrict the execution of scripts and marking cookies with the HttpOnly flag to protect session information.
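
The sketch below applies these recommendations to an upload handler. It is an added example, not the application's own code. The form field name "image", the uploads/ directory and the function name store_image are assumptions made for illustration.

```php
<?php
declare(strict_types=1);
// Added example. The "image" field, uploads/ path and store_image() are
// hypothetical names, not taken from the application's source.
const ALLOWED = [              // extension => MIME type the content must match
    'jpg'  => 'image/jpeg',
    'jpeg' => 'image/jpeg',
    'png'  => 'image/png',
    'gif'  => 'image/gif',
];

function store_image(array $file, string $destDir): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('upload failed');
    }
    // Input validation on the filename: only allowlisted extensions (.html is not one).
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!isset(ALLOWED[$ext])) {
        throw new RuntimeException('file type not allowed');
    }
    // Input validation on the content: the sniffed type must agree with the extension.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if ($mime !== ALLOWED[$ext]) {
        throw new RuntimeException('content does not match extension');
    }
    // Store under a server-generated name so the client never controls the stored filename.
    $stored = bin2hex(random_bytes(16)) . '.' . $ext;
    if (!move_uploaded_file($file['tmp_name'], $destDir . '/' . $stored)) {
        throw new RuntimeException('could not store file');
    }
    return $stored;
}

// HttpOnly session cookie (must be set before session_start()) and a restrictive CSP.
session_set_cookie_params(['httponly' => true]);
header("Content-Security-Policy: default-src 'self'; script-src 'self'; object-src 'none'");

if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_FILES['image'])) {
    try {
        $stored = store_image($_FILES['image'], __DIR__ . '/uploads');
        // Output encoding: the client-supplied name is untrusted when echoed back.
        $shown = htmlspecialchars($_FILES['image']['name'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        echo "<p>Saved {$shown} as {$stored}</p>";
    } catch (RuntimeException $e) {
        http_response_code(400);
        echo 'Upload rejected';
    }
}
```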

Added: Feb 24, 2026, 5:20 AM
Updated: Feb 24, 2026, 5:20 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 1.7
exploitability: 7.7
remediation: 0.0
relevance: 3.2
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.