Stored XSS in Question field due to lack of sanitization in Link.php in thorsten/phpmyfaq
Valid
Reported on Jul 7th 2023
Description
Stored XSS (Cross-Site Scripting) is a web application vulnerability that allows an attacker to inject malicious scripts into a website or web application. Unlike reflected XSS, where the malicious script is embedded in a URL and executed immediately, stored XSS persists the malicious script on the target site (here, in a FAQ question saved to the database), so it executes for every user who later views the affected page.
Proof of Concept
1. Log in as admin.
2. Go to Content -> Edit or Add FAQs -> in the Question field, enter an XSS payload such as "><h1 onmouseover=alert(1)>XSS</h1>
3. Go to the Category page that lists the FAQ containing the payload; the XSS will trigger.
PoC video: https://drive.google.com/file/d/1thIMmEOUPSDTThO8eouvnYnBtAn_oOiW/view?usp=sharing
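The root cause named in the title is that the stored question text is written into HTML without output encoding. The following is an added example (not phpMyFAQ's own code, and the link markup, function names and URL are assumptions) showing the vulnerable rendering pattern beside the hardened one, using the payload from the report as a constructed sample of what would sit in the database after step 2. It assumes PHP 8 for str_contains().

```php
<?php
// Added example, not code from phpMyFAQ: rendering a stored FAQ question
// into a link safely. The vulnerable function interpolates the raw stored
// string into markup; the hardened one HTML-encodes it at output time.

declare(strict_types=1);

// Constructed sample: the payload pattern from the report, as it would be
// stored after being saved through the FAQ editor.
const SAMPLE_QUESTION = '"><h1 onmouseover=alert(1)>XSS</h1>';

/**
 * Vulnerable pattern (assumed shape of the affected markup): untrusted data
 * placed directly into an attribute and into element content.
 */
function renderQuestionUnsafe(string $question, string $url): string
{
    return '<a href="' . $url . '" title="' . $question . '">' . $question . '</a>';
}

/**
 * Context-appropriate encoder for the HTML body and quoted attributes.
 * ENT_QUOTES encodes both quote styles, so a value cannot close an
 * attribute early; ENT_SUBSTITUTE avoids returning '' on invalid UTF-8.
 */
function escapeHtml(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_HTML5 | ENT_SUBSTITUTE, 'UTF-8');
}

/** Hardened pattern: every untrusted value is encoded at the point of output. */
function renderQuestionSafe(string $question, string $url): string
{
    $safeUrl = escapeHtml($url);
    $safeQuestion = escapeHtml($question);
    return '<a href="' . $safeUrl . '" title="' . $safeQuestion . '">' . $safeQuestion . '</a>';
}

/**
 * Regression check a maintainer can keep in a test suite: if the stored
 * value contained markup characters and that value survives verbatim in the
 * rendered HTML, output encoding was skipped somewhere.
 */
function leaksRawMarkup(string $renderedHtml, string $storedValue): bool
{
    $hasMarkupChars = str_contains($storedValue, '<') || str_contains($storedValue, '"');
    return $hasMarkupChars && str_contains($renderedHtml, $storedValue);
}

$url = '/index.php?action=faq&id=1'; // assumed URL shape

// Vulnerable rendering: the leading quote closes the title attribute and the
// injected <h1 onmouseover=...> element becomes part of the page.
echo renderQuestionUnsafe(SAMPLE_QUESTION, $url), PHP_EOL;

// Hardened rendering: the same string is displayed as literal text.
echo renderQuestionSafe(SAMPLE_QUESTION, $url), PHP_EOL;

// The check flags the vulnerable output and passes the hardened one.
var_dump(leaksRawMarkup(renderQuestionUnsafe(SAMPLE_QUESTION, $url), SAMPLE_QUESTION));
var_dump(leaksRawMarkup(renderQuestionSafe(SAMPLE_QUESTION, $url), SAMPLE_QUESTION));
```

The design point is that encoding belongs at the output boundary, chosen for the context the value lands in (HTML body and quoted attribute here); filtering on input alone is easy to bypass and does not protect values that reach other rendering paths. A template engine with auto-escaping (phpMyFAQ's Twig templates, where used) achieves the same effect without calling htmlspecialchars() by hand.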
Impact
Phishing, stealing tokens and sessions, making the admin perform any action the attacker wants (e.g. add a new admin or reset the admin password), distributing malware, etc.
References
Timeline
We are processing your report and will contact the thorsten/phpmyfaq team within 24 hours.
The researcher's credibility has increased: +7
Thorsten Rinne has been awarded the fix bounty
This vulnerability has been assigned a CVE
This vulnerability is scheduled to go public on Jul 31st 2023