phpVibe < 4.20 - Persistent Cross-Site Scripting

• Exploit Database
• 15 阅读

• 作者： Filippos Mastrogiannis
  日期： 2015-07-20
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/37659/

• # phpVibe < 4.20 Stored XSS
  
  # Vendor Homepage: http://www.phpvibe.com
  # Affected Versions: prior to 4.20
  
  # Discovered by Filippos Mastrogiannis
  # Twitter: @filipposmastro
  # LinkedIn: https://www.linkedin.com/pub/filippos-mastrogiannis/68/132/177
  
  -- Description --
  
  This stored XSS vulnerability allows any logged in user
  to inject malicious code in the comments section:
  e.g. "><body onLoad=confirm("XSS")>
  
  The vulnerability exists because the user input is not properly sanitized
  and this can lead to malicious code injection that will be executed on the
  target’s browser
  
  -- Proof of Concept --
  
  1. The attacker posts a new comment which contains our payload:
  "><body onLoad=confirm("XSS")>
  
  2. The stored XSS can be triggered when any user visits the link of the
  uploaded content
  
  -- Solution --
  
  The vendor has fixed the issue in the version 4.21