stored XSS through Question sending in thorsten/phpmyfaq

Valid

Reported on

Jan 23rd 2023


Dear Ladies and Gentlemen,

First of all, thank you for your time and effort in reading my Report.

While doing the Penetration Test my Brother Ahmed Hassan (hassanahmed8199@gmail.com) and I were able to identify another stored XSS Cross-Site-Scripting Injection Vulnerability.

The Process of the Vulnerability:

Login
Go to https://roy.demo.phpmyfaq.de/index.php?action=ask&category_id=0
Any User will be able to submit questions that need to be verified by the Administrator.
As soon as the Administrator reviews the Question and accepts it, the JavaScript Code will work after a refresh.
The User can submit JavaScript Code and it will run as Code.
Type any kind of JavaScript Code like <script>alert('1')</script>
The Attacker can inject JavaScript Code and steal the Admin Cookies

Through this, any Attacker can inject JavaScript Code and use further Vulnerabilities to use other Exploitation Steps.

Finally, I want to thank you for your time and effort, and hope to hear from you soon.

Best regards Josef Hassan & Ahmed Hassan
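
For defenders, the flow reported above (user-submitted question text stored, then rendered in the administrator's review view) is closed by encoding the stored text at output time. The following is an added example, not code from the report and not the project's actual fix in commit b76d58; the function names, the array layout and the sample rows are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample rows standing in for the queue of questions awaiting
// approval; the second row carries the payload quoted in the report.
$pendingQuestions = [
    ['id' => 1, 'user' => 'alice',   'question' => 'How do I reset my password?'],
    ['id' => 2, 'user' => 'mallory', 'question' => "<script>alert('1')</script>"],
];

// Vulnerable pattern: stored text is concatenated into markup unchanged, so a
// stored <script> element executes in the reviewing administrator's browser.
function renderRowUnsafe(array $row): string
{
    return '<tr><td>' . $row['user'] . '</td><td>' . $row['question'] . '</td></tr>';
}

// Hypothetical helper: encode a value for the HTML element/attribute context.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Hardened pattern: every user-controlled field is encoded where it is output,
// so it is safe regardless of what was accepted and stored earlier.
function renderRowSafe(array $row): string
{
    return '<tr><td>' . e($row['user']) . '</td><td>' . e($row['question']) . '</td></tr>';
}

// Defence in depth for the cookie theft the report mentions: an HttpOnly
// session cookie cannot be read from script. Must be set before session_start().
session_set_cookie_params(['httponly' => true, 'secure' => true, 'samesite' => 'Lax']);

foreach ($pendingQuestions as $row) {
    $unsafeHasTag = stripos(renderRowUnsafe($row), '<script') !== false;
    $safeHasTag   = stripos(renderRowSafe($row), '<script') !== false;
    printf(
        "id=%d unsafe output has <script>: %s | encoded output has <script>: %s\n",
        $row['id'],
        $unsafeHasTag ? 'yes' : 'no',
        $safeHasTag ? 'yes' : 'no'
    );
}
```

Encoding at output rather than filtering at submission also covers rows that were stored before the fix was deployed.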

We are processing your report and will contact the thorsten/phpmyfaq team within 24 hours. 4 months ago
We have contacted a member of the thorsten/phpmyfaq team and are waiting to hear back 4 months ago
thorsten/phpmyfaq maintainer has acknowledged this report 4 months ago
Thorsten Rinne validated this vulnerability 4 months ago
josefjku has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
Thorsten Rinne marked this as fixed in 3.1.11 with commit b76d58 4 months ago
Thorsten Rinne has been awarded the fix bounty
This vulnerability has been assigned a CVE
This vulnerability is scheduled to go public on Feb 28th 2023
Thorsten Rinne published this vulnerability 3 months ago