HTML injection Leads to Open redirection in froxlor/froxlor

Valid

Reported on Jul 30th 2023


Description

HTML Injection Leads to Open Redirection is a dangerous web security issue. Attackers inject malicious HTML code into vulnerable websites, allowing them to execute harmful scripts in users' browsers. This may lead to unauthorized actions on users' behalf and redirect them to malicious sites. Proper input validation and security measures are essential to prevent this threat.

Steps to reproduce

1. Navigate to the URL "http://192.168.2.107/admin_index.php" and log in as admin.
2. Select the admins edit functionality from Resources and click the edit button.
3. Enter the HTML payload into Custom notes and save.
4. Now click the view button as well as the close button; at that point we can see the website is redirected to the malicious website.

Proof of Concept:

 https://drive.google.com/file/d/1nBGmDu2MrfCAT6WzQkMV_MRS3W4rImvC/view?usp=sharing

Impact

Compromised Data: Sensitive user information, like login credentials, can be stolen.
Unauthorized Access: Attackers gain control of user accounts through exploited session cookies.
Phishing Attacks: Users are redirected to deceptive sites, facilitating phishing schemes.

We are processing your report and will contact the froxlor team within 24 hours. 7 months ago
We have contacted a member of the froxlor team and are waiting to hear back 7 months ago
Michael
7 months ago

Maintainer


Using markup for text and even links is intended (see https://huntr.dev/bounties/f20396a1-3775-4abf-b5c9-7ebf9059839b/) but I agree that it should not affect the "close" button or similar from the main UI.
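As an added example (not froxlor's code and not the change in commit e8ed43), one way to keep the intended markup in Custom notes while removing the constructs that can redirect the page or run script: an allow-list sanitizer applied before the notes are rendered into the admin UI. It assumes the notes are stored as an HTML fragment; the tag and attribute lists are illustrative.

```php
<?php
// Added example, not froxlor's code: pass stored "Custom notes" through an HTML
// allow-list so simple markup and http(s) links survive while script, meta refresh,
// form/iframe, on* handlers and javascript: URLs are removed before output.

const NOTES_ALLOWED_TAGS  = ['p', 'br', 'b', 'strong', 'i', 'em', 'u', 'ul', 'ol', 'li', 'a'];
const NOTES_ALLOWED_ATTRS = ['a' => ['href']];   // every other attribute is dropped
function sanitize_notes(string $html): string
{
    $doc = new DOMDocument();
    // Parse as a fragment inside a wrapper <div>; the XML PI forces UTF-8.
    $ok = @$doc->loadHTML('<?xml encoding="UTF-8"><div>' . $html . '</div>',
                          LIBXML_HTML_NOIMPLIED | LIBXML_HTML_NODEFDTD);
    if (!$ok) {                      // unparseable input: fall back to plain text
        return htmlspecialchars($html, ENT_QUOTES, 'UTF-8');
    }
    $root = $doc->getElementsByTagName('div')->item(0); // the wrapper comes first
    clean_node($root);
    $out = '';
    foreach ($root->childNodes as $child) {
        $out .= $doc->saveHTML($child);
    }
    return $out;
}

function clean_node(DOMNode $node): void
{
    // Work on a static copy because the loop mutates the child list.
    foreach (iterator_to_array($node->childNodes) as $child) {
        if (!($child instanceof DOMElement)) {
            if (!($child instanceof DOMText)) { $node->removeChild($child); } // comments, PIs
            continue;
        }
        $tag = strtolower($child->tagName);
        if (!in_array($tag, NOTES_ALLOWED_TAGS, true)) {
            $node->removeChild($child);          // drops the element and its whole subtree
            continue;
        }
        $allowed = NOTES_ALLOWED_ATTRS[$tag] ?? [];
        foreach (iterator_to_array($child->attributes) as $attr) {
            $name = strtolower($attr->name);
            // Keep only listed attributes; href must be absolute http(s), so javascript:/data: go.
            if (!in_array($name, $allowed, true)
                || ($name === 'href' && !preg_match('#^https?://#i', trim($attr->value)))) {
                $child->removeAttribute($attr->name);
            }
        }
        clean_node($child);
    }
}
```

Call `sanitize_notes()` on the stored value at render time (or on save), and echo the result into the notes container only; the close button and the rest of the page template are never built from user-controlled markup.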

Michael Kaufmann validated this vulnerability 7 months ago
amal03-bit has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
Amalmohan
7 months ago

Researcher


@maintainer can you please assign a CVE for this vulnerability?

Michael Kaufmann marked this as fixed in 2.1.0-dev1 with commit e8ed43 5 months ago
The fix bounty has been dropped
This vulnerability has now been published 4 months ago