File upload filter bypass leading to stored XSS in microweber/microweber
Mar 11th 2022
Proof of Concept (taking chtml as example)
Step (1) Login to the demo portal with admin creds at https://demo.microweber.org/demo/admin/
Step (2) Add new > Page > Add file in picture
Step (3) Upload below file with content below and named as xss.chtml <div onmouseover="alert(document.domain)" style="position:fixed;left:0;top:0;width:9999px;height:9999px;"></div>
Step(4) Access the link in response and once you move the cursor, alert box will be prompted
If an attacker can control a script that is executed in the victim's browser, they might compromise that user, in this case, an admin, by stealing its cookies.