Stored Blind XSS in Admin Panel through FAQ-Proposal leads to Admin Full Account Takeover in thorsten/phpmyfaq
Valid
Reported on Jan 26th 2023
Hello.
Vulnerability: Blind XSS in Admin Panel while generating Report
- Without being logged in to the Application
- Go to FAQ-Proposal -> put an XSS Payload like <script>alert('1')</script> in the question Field
- Send the Proposal
- Admin will login
- The Proposal will pop up in the Category you specified while sending your Proposal (here number 1)
- Admin will go to Statistics and then Reports
- Generate Report
- Blind XSS will be fired in the Admin Panel
Steal the Admin Cookies and do a Full Account Takeover of the Admin Account.
Best regards, Ahmed Hassan
Impact
Steal the Admin Cookies and do a Full Account Takeover of the Admin Account.
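The failure mode the report describes is a classic stored XSS: text from an unauthenticated FAQ proposal is later written into admin-panel HTML without output encoding, so the payload executes with the admin's session. The following is an added example and not phpMyFAQ's code; the renderer names, the row layout and the sample proposals are assumptions made to illustrate the vulnerable pattern next to its hardened form.

```php
<?php
declare(strict_types=1);

// Constructed sample data (not real phpMyFAQ records): an anonymous FAQ
// proposal whose "question" field carries the payload from the report.
$proposals = [
    ['id' => 1, 'category' => 1, 'question' => "<script>alert('1')</script>", 'answer' => 'n/a'],
    ['id' => 2, 'category' => 1, 'question' => 'How do I reset my password?', 'answer' => 'Use the reset link.'],
];

// Hypothetical vulnerable renderer. It mirrors the reported failure mode:
// user-controlled proposal text is concatenated straight into the admin
// report's HTML, so the stored payload runs in the administrator's browser.
function renderReportVulnerable(array $rows): string
{
    $html = "<table>\n";
    foreach ($rows as $row) {
        $html .= "<tr><td>{$row['id']}</td><td>{$row['category']}</td>"
               . "<td>{$row['question']}</td></tr>\n";
    }
    return $html . "</table>\n";
}

// HTML escaping for text placed between tags or inside quoted attribute
// values. ENT_QUOTES also encodes the single quote, so the helper is safe in
// single-quoted attributes too; ENT_SUBSTITUTE replaces invalid UTF-8 instead
// of returning an empty string, which would silently blank the cell.
function e(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hardened renderer: every user-controlled value is escaped at the point it
// enters the HTML output, regardless of where it came from or who stored it.
function renderReportSafe(array $rows): string
{
    $html = "<table>\n";
    foreach ($rows as $row) {
        $html .= '<tr><td>' . e((string) $row['id']) . '</td>'
               . '<td>' . e((string) $row['category']) . '</td>'
               . '<td>' . e($row['question']) . '</td></tr>' . "\n";
    }
    return $html . "</table>\n";
}

// Compare both outputs. A raw "<script>" tag in the vulnerable output is the
// live payload; in the hardened output it survives only as escaped text.
// (str_contains requires PHP 8.0 or newer.)
$vuln = renderReportVulnerable($proposals);
$safe = renderReportSafe($proposals);

echo 'vulnerable output contains <script>: ' . (str_contains($vuln, '<script>') ? 'yes' : 'no') . "\n";
echo 'hardened output contains <script>:   ' . (str_contains($safe, '<script>') ? 'yes' : 'no') . "\n";
echo "hardened cell:\n" . e($proposals[0]['question']) . "\n";
```

The fix is contextual output encoding in the admin report, not input filtering on the proposal form: the same stored string may be rendered in several places, and only the place that emits HTML knows which encoding is correct. Marking the session cookie HttpOnly blunts the cookie-theft step the report ends with, but the script still runs inside the authenticated admin session and can act on the admin's behalf, so it is defence in depth rather than a fix.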
We are processing your report and will contact the thorsten/phpmyfaq team within 24 hours. (2 months ago)
ahmedvienna modified the report (2 months ago)
The researcher has received a minor penalty to their credibility for miscalculating the severity: -1
The researcher's credibility has increased: +7
Thorsten Rinne has been awarded the fix bounty
This vulnerability has been assigned a CVE
This vulnerability is scheduled to go public on Feb 28th 2023