Stored XSS in Question field due to lack of sanitization in Link.php in thorsten/phpmyfaq
Jul 7th 2023
Stored XSS (Cross-Site Scripting) is a web application vulnerability in which attacker-supplied script is saved by the application (here, in the Question field of a FAQ entry) and later written into pages without escaping, so it executes in the browser of every user who views those pages. Unlike reflected XSS, where the payload travels in a single crafted URL and only runs for the victim who follows that link, stored XSS persists on the target site and fires on every view without further action by the attacker.
Proof of Concept
1. Log in as admin.
2. Go to Content -> Edit or Add FAQs and, in the Question field, enter an XSS payload such as "><h1 onmouseover=alert(1)>XSS</h1>
3. Open the Category page that lists the FAQ containing the payload. The question text is inserted into the generated link markup unescaped, so the injected <h1> element (with its onmouseover handler) is rendered and the XSS triggers.
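Why the payload in step 2 works, and what the fix looks like: the snippet below is an added example and is not phpMyFAQ's own code. It assumes a Link.php-style helper that interpolates the FAQ question into an anchor's title attribute and link text; the URL, function names and the regression check are hypothetical and exist only to illustrate the point. The payload starts with `">`, which closes the attribute the text is placed in and lets the rest of the string become new markup.

```php
<?php
// Added example (not phpMyFAQ code): vulnerable vs. escaped rendering
// of an untrusted FAQ question inside link markup.
declare(strict_types=1);

// Constructed input: the same payload used in the proof of concept.
$question = '"><h1 onmouseover=alert(1)>XSS</h1>';
$url = '/index.php?action=faq&id=1';  // assumed URL, illustration only

// Vulnerable pattern: the stored question is dropped straight into a
// title attribute and into the link text. The leading "> closes the
// title attribute and the <a> start tag, so the rest becomes live HTML.
function renderLinkUnsafe(string $url, string $question): string
{
    return sprintf('<a href="%s" title="%s">%s</a>', $url, $question, $question);
}

// Hardened pattern: escape every untrusted value for the HTML context it
// lands in. ENT_QUOTES escapes both " and ', so a value placed inside an
// attribute can never close that attribute; ENT_SUBSTITUTE replaces
// invalid UTF-8 instead of returning an empty string.
function escapeHtml(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

function renderLinkSafe(string $url, string $question): string
{
    return sprintf(
        '<a href="%s" title="%s">%s</a>',
        escapeHtml($url),
        escapeHtml($question),
        escapeHtml($question)
    );
}

// Crude regression check (hypothetical, for this demo only): count <h1>
// start tags carrying an on* event handler in the rendered output. The
// unescaped rendering contains injected handlers; the escaped one has
// only &lt;h1 ... text, which the regex does not match.
function countInjectedHandlers(string $html): int
{
    return (int) preg_match_all('/<h1\b[^>]*\bon\w+\s*=/i', $html);
}

$unsafe = renderLinkUnsafe($url, $question);
$safe   = renderLinkSafe($url, $question);

echo "unsafe: ", $unsafe, PHP_EOL;
echo "safe:   ", $safe, PHP_EOL;
printf(
    "injected handlers: unsafe=%d safe=%d\n",
    countInjectedHandlers($unsafe),
    countInjectedHandlers($safe)
);
```

Escaping at output time is the fix that matters; stripping characters on input ("sanitization") is easy to bypass and breaks legitimate questions containing quotes or angle brackets. `htmlspecialchars()` with `ENT_QUOTES` is correct only for values placed in HTML text or in quoted attributes; a question that ends up inside a `<script>` block or a URL needs that context's own encoder instead.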
Impact
An attacker who can create or edit FAQs can execute arbitrary JavaScript in the browser of every user who views the affected category page, including administrators. This allows phishing, theft of session cookies and tokens, performing actions as the victim (for example adding a new admin account or resetting an admin password), and delivering malware.