Cross-site Scripting (XSS) - Generic in forkcms/forkcms
Mar 23rd 2021
# 🕵️‍♂️ Proof of Concept
Vulnerable parameter: publish_on_date
XSS payload: '"()%26%25<yes><ScRiPt%20>alert(1)</ScRiPt>
Steps to reproduce issue
1- Log in to the Fork admin panel
2- Go to Modules => Blog => Edit
3- Turn on Burp Intercept
4- Click on "Publish"
5- Change the value of the "publish_on_date" parameter to 22/03/2021'"()&%<yes><ScRiPt >alert(2)</ScRiPt>
6- Forward the request and the XSS will be triggered
Video PoC: https://drive.google.com/file/d/10e_8aSNUsGolDDexhuN_aqso5VA8671n/view?usp=sharing
# 💥 Impact
With the help of XSS, an attacker can perform social engineering on users by redirecting them from the real website to a fake one. An attacker can steal their cookies, leading to account takeover, and download malware onto their system, and there are many more attack scenarios a skilled attacker can perform with XSS.
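A defensive sketch for the parameter above, added here as an example and not taken from Fork CMS or from the report: it validates `publish_on_date` as a strict date and HTML-encodes anything written back into the page. The `d/m/Y` format is inferred from the sample value `22/03/2021`, the function names are hypothetical, and it assumes the value is reflected into the response unencoded.

```php
<?php
declare(strict_types=1);

// Hypothetical helper, not Fork CMS code: accept only a strict d/m/Y date.
function parsePublishOnDate(string $raw): ?DateTimeImmutable
{
    // Cheap shape check first: exactly dd/mm/yyyy, nothing before or after.
    if (preg_match('~\A\d{2}/\d{2}/\d{4}\z~', $raw) !== 1) {
        return null;
    }
    // '!' resets unspecified fields so the time is 00:00:00.
    $dt = DateTimeImmutable::createFromFormat('!d/m/Y', $raw);
    // The round-trip comparison rejects overflow dates such as 31/02/2021.
    if ($dt === false || $dt->format('d/m/Y') !== $raw) {
        return null;
    }
    return $dt;
}

// Hypothetical helper: encode a value for HTML text or a quoted attribute.
function escapeHtml(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed inputs: a valid date, the value from step 5, an impossible date.
$samples = [
    '22/03/2021',
    '22/03/2021\'"()&%<yes><ScRiPt >alert(2)</ScRiPt>',
    '31/02/2021',
];

foreach ($samples as $raw) {
    $date = parsePublishOnDate($raw);
    if ($date === null) {
        // If the rejected value is redisplayed for editing, it is encoded first.
        printf("rejected: <input name=\"publish_on_date\" value=\"%s\">\n", escapeHtml($raw));
        continue;
    }
    // Only the normalised date, never the raw string, is used downstream.
    printf("accepted: %s\n", $date->format('Y-m-d'));
}
```

Validation alone is not the fix: the output encoding is what keeps the browser from interpreting a reflected value as markup, and the strict parse keeps malformed input out of storage and later templates.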