Stored XSS edit Config Link in thorsten/phpmyfaq
Reported on Feb 12th 2023
Description
Stored Cross-Site Scripting (XSS) through hyperlinks refers to a type of security vulnerability that occurs when an attacker injects malicious code into a hyperlink, which is then stored in the application's database or web server. When a user clicks on the infected hyperlink, the malicious script is executed in the user's browser, allowing the attacker to steal sensitive information, modify the appearance of the website, deliver malware, and perform other malicious actions.
Proof of Concept
1. Go to https://roy.demo.phpmyfaq.de/admin/?action=config&config_action=saveConfig
2. Edit URL for Privacy note form with javascript:alert(1)"> <script>alert('1337')</script>
3. Go to https://roy.demo.phpmyfaq.de/?action=request-removal
https://drive.google.com/file/d/1HsdF1ZFn9JlD7irRDiVu78Tnx40lm-Io/view?usp=share_link
Mitigation
To prevent stored XSS through hyperlinks, the application must validate and sanitize the link value before it is stored in the database or on the web server, so that malicious code is never persisted and later rendered. Users should also be cautious when clicking unknown or suspicious hyperlinks and only follow links from trusted sources.
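As an added example (not phpMyFAQ's own code), the following PHP shows the two controls described above for the Privacy note URL setting: an allowlist validator that only stores absolute http(s) URLs, and HTML attribute escaping when the stored link is rendered. Function names are hypothetical.

```php
<?php
// Added example, not phpMyFAQ's own code. Function names are hypothetical.

/**
 * Return the URL if it is an absolute http(s) URL, otherwise null.
 * Rejects javascript:, data: and every other scheme, and anything that
 * is not a syntactically valid URL (quotes, spaces, angle brackets).
 */
function validatePrivacyUrl(string $input): ?string
{
    $url = trim($input);
    if (filter_var($url, FILTER_VALIDATE_URL) === false) {
        return null;
    }
    $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
    if (!in_array($scheme, ['http', 'https'], true)) {
        return null;
    }
    return $url;
}

/**
 * Render the link with href and label HTML-escaped, so a stored value
 * cannot break out of the attribute even if validation were bypassed.
 */
function renderPrivacyLink(string $url, string $label): string
{
    return sprintf(
        '<a href="%s" rel="noopener noreferrer">%s</a>',
        htmlspecialchars($url, ENT_QUOTES | ENT_HTML5, 'UTF-8'),
        htmlspecialchars($label, ENT_QUOTES | ENT_HTML5, 'UTF-8')
    );
}

// Constructed sample inputs: the payload from the report and a benign URL.
$samples = [
    'javascript:alert(1)"> <script>alert(\'1337\')</script>',
    'https://example.com/privacy',
];
foreach ($samples as $sample) {
    $clean = validatePrivacyUrl($sample);
    echo $clean === null
        ? 'rejected: ' . $sample . PHP_EOL
        : 'accepted: ' . renderPrivacyLink($clean, 'Privacy note') . PHP_EOL;
}
```

The first sample is rejected at validation time; the second is stored and rendered with its attribute value escaped.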
Impact
Stored XSS through hyperlinks can have significant impacts on both the application and its users. For example, the attacker can steal the victim's login credentials, manipulate the information displayed on a page, and even launch phishing attacks to trick the victim into disclosing sensitive information.