Bypass filter - Stored XSS in Resources in francoisjacquet/rosariosis

Valid

Reported on

Jun 7th 2022


Description

The website does not correctly neutralize user-controllable input before placing it in output that is served as a web page to other users. In the Resources module, an administrator-created link is stored with its href as supplied; a scheme written in mixed case, such as `javaSCRIPT:`, is not caught by the filter, yet the browser normalizes the scheme and treats the link as a `javascript:` URL when another user clicks it.

Proof of concept

javaSCRIPT:alert(origin)

Steps to reproduce (reproduced on Firefox; not in Chromium-based browsers)

1. Go to https://www.rosariosis.org/demonstration/ and log in with the administrator account.

2. Go to https://www.rosariosis.org/demonstration/Modules.php?modname=Resources/Resources.php

3. Create a new link whose content (the link target) is javaSCRIPT:alert(origin)

4. Click the link and observe the pop-up.

Image POC

https://drive.google.com/file/d/164Sk7viMV4gHvrmDykJZ9euivfoHlN-1/view?usp=sharing

https://drive.google.com/file/d/1-v6coqFoi0fQxjyak61XlH6GEFLiN2x7/view?usp=sharing

Video POC

https://drive.google.com/file/d/1JGwM0_WBShHRWnAc9l-9zY26ayZF3rSW/view?usp=sharing

Impact

Any user who clicks the stored link runs attacker-controlled JavaScript in the context of the RosarioSIS origin (the payload's `alert(origin)` shows which origin the script executes under); the link persists in the Resources module, so it is served to every user who visits that page.
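The filter defect behind this report is a scheme check that compares the literal, lower-case string `javascript:` while the browser's URL parser is case-insensitive about the scheme. The following is an added illustration, not RosarioSIS code and not the project's fix: it contrasts a naive prefix check of that kind with a check that parses the href with the same WHATWG URL parser a browser uses and then allowlists schemes. It goes beyond the page's mixed-case payload by also trying leading whitespace and an embedded tab, which the WHATWG parser strips before reading the scheme. The base URL `https://example.invalid/` and the sample inputs are assumptions constructed for the example.

```javascript
// Added example (not RosarioSIS code): why a case-sensitive "javascript:" filter
// is bypassable, and a scheme-allowlist check that is not.
// Uses the WHATWG URL parser (global URL in Node.js >= 10 and in browsers).

// Naive filter of the kind the report's payload defeats: only an exact,
// lower-case prefix is rejected, so "javaSCRIPT:" passes straight through.
function naiveIsSafeLink(href) {
  return !String(href).startsWith('javascript:');
}

// Assumed deployment origin; relative hrefs are resolved against it so that
// site-relative links such as "/Modules.php?..." remain allowed.
const ASSUMED_BASE = 'https://example.invalid/';

// Only these schemes may be stored as link targets.
const ALLOWED_SCHEMES = new Set(['http:', 'https:']);

// What a browser will actually resolve the stored href to. The parser
// lower-cases the scheme and removes leading/trailing C0 controls and spaces
// and any embedded ASCII tab or newline, so the obfuscated variants all
// collapse to "javascript:". Returns null when the href does not parse.
function effectiveScheme(href) {
  try {
    return new URL(String(href), ASSUMED_BASE).protocol;
  } catch {
    return null;
  }
}

// Hardened check: decide on the normalized scheme, never on the raw string.
function isSafeLink(href) {
  const scheme = effectiveScheme(href);
  return scheme !== null && ALLOWED_SCHEMES.has(scheme);
}

// Constructed sample inputs: the report's payload plus variants that also
// slip past the naive filter, and two benign links for comparison.
const SAMPLES = [
  'javaSCRIPT:alert(origin)',                        // the report's payload
  '  javascript:alert(origin)',                      // leading spaces
  'java\tscript:alert(origin)',                      // embedded tab
  'JAVASCRIPT:alert(origin)',
  'data:text/html,<script>alert(1)</script>',
  'https://www.rosariosis.org/',
  '/Modules.php?modname=Resources/Resources.php',    // site-relative link
];

// Runs every sample through both checks; returns the rows so they can be
// inspected programmatically as well as printed.
function auditSamples(samples = SAMPLES) {
  return samples.map((href) => ({
    href,
    scheme: effectiveScheme(href),
    naiveAllows: naiveIsSafeLink(href),
    hardenedAllows: isSafeLink(href),
  }));
}

if (typeof require !== 'undefined' && require.main === module) {
  console.table(auditSamples());
}
```

Running the block prints a table in which every `javascript:` variant is allowed by the naive check and rejected by the hardened one, while the `https:` and site-relative links pass both. The design point is that the validation must be applied to the value the browser will interpret, which means parsing first and comparing the normalized scheme against an allowlist rather than searching the raw string for a denylisted prefix.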

We are processing your report and will contact the francoisjacquet/rosariosis team within 24 hours. 18 days ago
Domiee13 modified the report
18 days ago
We have contacted a member of the francoisjacquet/rosariosis team and are waiting to hear back 17 days ago
François Jacquet validated this vulnerability 17 days ago
Domiee13 has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
François Jacquet confirmed that a fix has been merged on 6e213b 17 days ago
François Jacquet has been awarded the fix bounty
Domiee13
17 days ago

Researcher


@admin can we assign a CVE to this vulnerability?

Jamie Slome
17 days ago

Admin


Sorted 👍
