JavaScript网站漏洞

Question

this morning I noticed a possible vulnerability on my web site; I'm not sure at all if my site can be damaged with it but well...

On my site I use a JavaScript code to open(display) different sections (other pages) inside the main page;

On the main index.php I've this code where the other pages are displayed:

In the head:

<?php
$section = "default";
if (isset($_GET["page"]))
{
  $section = $_GET["page"];
}
?>

In the Body:

<script type="text/javascript">
    openPage('<?php echo($page); ?>');
</script>

And the JavaScript function is this one:

function openPage(page, form)
{
var data = "page=" + page;
if (form != null)
    data += "&" + $("#" + form).serialize();

$("#content").html("<center>Wait..</center>");
$.ajax({
    type: "POST",
    url: "content.php",
    data: data,
    success: function(result) {
        $("#content").html(result);
    }
})
}

The content.php

<?
  if (file_exists("pages/".$page.".php"))
    include("pages/".$page.".php");
  else
  {
    include("pages/default.php");
  }
?>

My problem is that if I write in the url:

url.com/index.php?page=</script><script>alert(1)</script>

An alert message appear, what I could do? Is this dangerous? How I can fix it?

Thank you all.

Answer 1

This is not JS vulnerability, this is your code vulnerability.

You can use htmlspecialchars:

<?php
$section = "default";
if (isset($_GET["page"]))
{
  $section = htmlspecialchars($_GET["page"]);
}
?>

http://www.w3schools.com/php/func_string_htmlspecialchars.asp

Answer 2

Yes, this is dangerous as people with malicious intent can now form URLs executing client side code on your domain. This can range from showing a simple alert box to hijacking cookies. This is called cross-site scripting .

Ignoring whether your current setup is a good one, you can fix your vulnerability by sanitizing the $_GET['page'] variable before outputting it:

htmlspecialchars($_GET['page']);