PHPMyFAQ 2.9.8 – Cross-Site Scripting (1)

  • Author: Ishaq Mohammed
    Date: 2017-09-21
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/42761/
  • # Exploit Title: phpMyFAQ 2.9.8 Stored XSS
    # Vendor Homepage: http://www.phpmyfaq.de/
    # Software Link: http://download.phpmyfaq.de/phpMyFAQ-2.9.8.zip
    # Exploit Author: Ishaq Mohammed
    # Contact: https://twitter.com/security_prince
    # Website: https://about.me/security-prince
    # Category: webapps
    # CVE: CVE-2017-14618
    
    1. Description
    
    Cross-site scripting (XSS) vulnerability in inc/PMF/Faq.php in phpMyFAQ
    through 2.9.8 allows remote attackers to inject arbitrary web script or
    HTML via the Questions field in an "Add New FAQ" action.
    
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14618
    https://securityprince.blogspot.fr/2017/10/cve-2017-14618-phpmyfaq-298-cross-site.html
    
    2. Proof of Concept
    
    Steps to Reproduce:
    
     1. Open the affected link
     "http://localhost/phpmyfaq/admin/?action=editentry" as a logged-in user
     with administrator privileges
     2. Enter <a onmouseover=alert(document.cookie)>xss link</a> in the
     "Questions" field
     3. Save the FAQ
     4. Log in as any other user, or simply click on phpMyFAQ at the
     top right-hand side of the web portal
     5. Click on the latest FAQ added
     6. Hover over the name "xss link"
    
    
    3. Solution:
    
    This vulnerability will be fixed in phpMyFAQ 2.9.9
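
Output encoding is the standard defense against stored XSS of this kind. The PHP below is an added example, not phpMyFAQ's code or the exploit author's; its function names, link format and sample rows are hypothetical. It contrasts unescaped and escaped rendering of a stored question and adds a simple audit pass for records saved before an upgrade.

```php
<?php
// Added example: not phpMyFAQ code. Names, link format and rows are hypothetical.

/** Vulnerable pattern: stored question text is concatenated into HTML as-is. */
function renderQuestionUnsafe(int $id, string $question): string
{
    return '<li><a href="faq.php?id=' . $id . '">' . $question . '</a></li>';
}

/** Hardened pattern: encode at output time so stored markup renders as text. */
function renderQuestionSafe(int $id, string $question): string
{
    $text = htmlspecialchars($question, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<li><a href="faq.php?id=' . $id . '">' . $text . '</a></li>';
}

/** Audit helper: return ids of stored questions holding a tag or inline handler. */
function findSuspiciousQuestions(array $rows): array
{
    $flagged = [];
    foreach ($rows as $row) {
        // Decode first so entity-encoded markup is caught as well.
        $q = html_entity_decode($row['question'], ENT_QUOTES | ENT_HTML5, 'UTF-8');
        // Broad on purpose: hits are candidates for manual review, not verdicts.
        if (preg_match('/<\s*[a-z!\/]|\bon[a-z]+\s*=/i', $q)) {
            $flagged[] = $row['id'];
        }
    }
    return $flagged;
}

// Constructed sample rows standing in for the FAQ table.
$rows = [
    ['id' => 1, 'question' => 'How do I reset my password?'],
    ['id' => 2, 'question' => '<a onmouseover=alert(document.cookie)>xss link</a>'],
    ['id' => 3, 'question' => 'Is 3 < 5 & 5 > 3?'],
];

foreach ($rows as $row) {
    // Row 2 is emitted as &lt;a onmouseover=...&gt;, so no element is created.
    echo renderQuestionSafe($row['id'], $row['question']), PHP_EOL;
}
echo 'Review these ids: ', implode(', ', findSuspiciousQuestions($rows)), PHP_EOL;
```

Run with the PHP CLI; only row 2 is flagged, and the plain comparison in row 3 is left alone.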