HTML-Injection in thorsten/phpmyfaq
Reported on
Jan 21st 2023
Dear Ladies and Gentlemen,
First of all, thank you for your time and effort reading my Report.
While doing the Penetration Test, I was able to identify a reflected HTML-Injection.
The Process of the Vulnerability:
- Login
- Go to https://roy.demo.phpmyfaq.de/admin/?action=tags
- Type any kind of HTML Code and it will be interpreted as HTML Code. Example for the HTML Code: <h1> HTML INJECTION BY AHMED HASSAN</h1> or </h2>special offer <a href=www.evil.com>malicious link</a><h2>
The Attacker can inject Links, Phishing Links, etc. to inject malicious Code.
Through this, any Attacker can inject HTML Code and use further Vulnerabilities to use other Exploitation Steps.
At the end, I want to thank you for your time and effort and hope to hear from you soon.
Best regards Ahmed Hassan
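An added example, not part of the report and not phpMyFAQ's own code: it contrasts a tag row that writes the submitted name straight into the page with one that encodes it at output time, and checks which elements each version lets through. The function names and the row markup are hypothetical; the first two sample strings are the ones quoted in the report.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers for illustration; not phpMyFAQ's code.

// Vulnerable pattern: the tag name is concatenated into markup as-is.
function renderTagRowUnsafe(int $id, string $name): string
{
    return '<tr><td>' . $name . '</td><td><input name="tag-' . $id
        . '" value="' . $name . '"></td></tr>';
}

// Encode for HTML text and quoted-attribute contexts. ENT_QUOTES covers both
// quote styles; ENT_SUBSTITUTE keeps invalid UTF-8 from emptying the string.
function esc(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hardened pattern: same row, every dynamic value encoded at output time.
function renderTagRowSafe(int $id, string $name): string
{
    return '<tr><td>' . esc($name) . '</td><td><input name="tag-' . $id
        . '" value="' . esc($name) . '"></td></tr>';
}

// Regression check: list element names in the output that the template
// itself never emits (anything other than tr, td, input).
function unexpectedElements(string $html): array
{
    preg_match_all('/<\s*\/?\s*([a-z][a-z0-9]*)/i', $html, $m);
    $names = array_unique(array_map('strtolower', $m[1]));
    return array_values(array_diff($names, ['tr', 'td', 'input']));
}

$samples = [
    '<h1> HTML INJECTION BY AHMED HASSAN</h1>',                       // from the report
    '</h2>special offer <a href=www.evil.com>malicious link</a><h2>', // from the report
    'php & mysql',                                                    // constructed benign tag
];

foreach ($samples as $i => $name) {
    $unsafe = unexpectedElements(renderTagRowUnsafe($i, $name));
    $safe   = unexpectedElements(renderTagRowSafe($i, $name));
    printf("sample %d: unsafe adds [%s], safe adds [%s]\n",
        $i, implode(',', $unsafe), implode(',', $safe));
}
```

The same check can run as a unit test against the real template output, so a later change that drops the encoding fails the build.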
Impact
References
Good Morning,
I hope you are okay. I wanted to mention that my Brother Josef Hassan (mohammedzidan99@gmail.com) was part of identifying this Vulnerability.
Therefore, I will be more than happy if you can put his Name and E-Mail Address as a Security Researcher with me.
I would appreciate hearing from you soon and wish you a wonderful day.
Best regards Ahmed Hassan