phpMyFAQ 2.9.8 – Cross-Site Scripting (2)

• Exploit Database
• 14 阅读

• 作者： Ishaq Mohammed
  日期： 2017-10-13
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/42987/

• # Exploit Title: phpMyFAQ 2.9.8 Stored XSS
  # Vendor Homepage: http://www.phpmyfaq.de/
  # Software Link: http://download.phpmyfaq.de/phpMyFAQ-2.9.8.zip
  # Exploit Author: Ishaq Mohammed
  # Contact: https://twitter.com/security_prince
  # Website: https://about.me/security-prince
  # Category: webapps
  # CVE: CVE-2017-14619
  
  1. Description
  
  Cross-site scripting (XSS) vulnerability in phpMyFAQ through 2.9.8 allows
  remote attackers to inject arbitrary web script or HTML via the "Title of
  your FAQ" field in the Configuration Module.
  
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14619
  https://securityprince.blogspot.fr/2017/10/cve-2017-14619-phpmyfaq-298-cross-site_92.html
  
  2. Proof of Concept
  
  Steps to Reproduce:
  
   1. Open the affected link http://localhost/phpmyfaq/admin/?action=config
   with logged in user with administrator privileges
   2. Enter the <marquee onscroll=alert(document.cookie)> in the “Title of
   your FAQ field”
   3. Save the Configuration
   4. Login using any other user or simply click on the phpMyFAQ on the
   top-right hand side of the web portal
  
  
  3. Solution:
  
  The Vulnerability will be fixed in the next release of phpMyFAQ