Cross-site Scripting (XSS) - Stored in e107inc/e107
Valid
Reported on Jan 12th 2022
A stored cross-site scripting (XSS) vulnerability using SVG exists in e107 version 2.3.1.
Date: 12/1/2022
Exploit Author: Trương Hữu Phúc
Contact me:
- Github: https://github.com/truonghuuphuc
- Facebook: https://www.facebook.com/DdosFulzac.auz1/
- Email: phuctruong2k@gmail.com
- Product: e107
- Version: 2.3.1
Suggestions: I think it should limit some file types and check the file content before upload.
Affected file: https://github.com/e107inc/e107/blob/master/e107_admin/image.php#L2484
Proof of concept (POC):
- Log in as admin
- Manage -> Media Manager
- Create Category -> Image
- Upload a file -> from a remote location
- File Report: https://drive.google.com/file/d/1OGf1zYt9xd_PTt_N08K4C8n1KhWDbBdl/view?usp=sharing
- Video Poc: https://drive.google.com/file/d/1IGwsnC4iY_XMZ0BhreiF-_4I5-rUPWHv/view?usp=sharing
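
One way to implement the content check suggested in the report, as an added example (not e107's code and not the fix shipped in 2.3.2). The helper name `safe_image_extension` and the allowlist are assumptions, and the code needs PHP's fileinfo extension.

```php
<?php
// Added example: hypothetical helper, not e107 code.
// The decision is made from the file's bytes, never from its name or from
// the remote URL it was fetched from.

const ALLOWED_IMAGE_TYPES = [
    'image/jpeg' => 'jpg',
    'image/png'  => 'png',
    'image/gif'  => 'gif',
    'image/webp' => 'webp',
];

/**
 * Returns the extension to store $bytes under, or null if the upload
 * must be rejected.
 */
function safe_image_extension(string $bytes): ?string
{
    // 1. Sniff the MIME type from the content. SVG is XML, so it is
    //    reported as image/svg+xml or a text type, none of which is allowed.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->buffer($bytes);
    if ($mime === false || !isset(ALLOWED_IMAGE_TYPES[$mime])) {
        return null;
    }

    // 2. Require that the bytes also parse as a raster image header.
    if (@getimagesizefromstring($bytes) === false) {
        return null;
    }

    // 3. The stored extension comes from the allowlist, not from the upload.
    return ALLOWED_IMAGE_TYPES[$mime];
}

// Constructed samples: an SVG carrying a script element (as if submitted
// under the name logo.png) and a 1x1 GIF.
$samples = [
    'svg named logo.png' => '<svg xmlns="http://www.w3.org/2000/svg">'
        . '<script>/* attacker script */</script></svg>',
    '1x1 gif' => base64_decode(
        'R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7'
    ),
];

foreach ($samples as $label => $bytes) {
    $ext = safe_image_extension($bytes);
    echo $label, ': ', $ext === null ? 'rejected' : "stored as .$ext", PHP_EOL;
}
```

Serving stored media with the allowlisted `Content-Type` and `X-Content-Type-Options: nosniff` keeps the browser from reinterpreting a file that slips through.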
We are processing your report and will contact the e107inc/e107 team within 24 hours.
a year ago
We have contacted a member of the e107inc/e107 team and are waiting to hear back
a year ago
We have sent a follow up to the e107inc/e107 team. We will try again in 7 days.
a year ago
@Maintainer GitHub version 2.3.2 has a fix that does not allow SVG files.
For version I can upload file.svg. I downloaded it from this link https://sourceforge.net/projects/e107/files/v2.3.1/
@truonghuuphuc Yes, this issue was already reported about v2.3.1 and v2.3.2 (on github) corrects the issue.
We have sent a second follow up to the e107inc/e107 team. We will try again in 10 days.
a year ago
@admin Can you help me register a CVE? Thanks @admin
Before we can assign a CVE, we just need to confirm with the maintainer that they are happy to publish one.
Cameron, are you happy for a CVE to be published for this report? 🤝