4Images 1.8 – ‘redirect’ Reflected XSS

• Exploit Database
• 15 阅读

• 作者： Piyush Patil
  日期： 2021-06-03
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/49945/

• # Exploit Title: 4Images 1.8 - 'redirect' Reflected XSS
  # Exploit Author: Piyush Patil
  # Vendor Homepage: https://www.4homepages.de/
  # Software Link: https://www.4homepages.de/?download=4images1.8.zip&code=81da0c7b5208e172ea83d879634f51d6
  # Version: 4Images Gallery 1.8
  # Tested on: Windows 10 and Kali
  # CVE : CVE-2021-27308
  
  -Description:
  A cross-site scripting (XSS) vulnerability in the admin login panel in 4images version 1.8 allows remote attackers to inject JavaScript via the "redirect" parameter.
  
  
  -Steps to reproduce:
  1- Goto 4images admin panel page (demo instance: https://localhost/4images/admin/index.php)
  2- Enter the credentials , Turn on the intercept and click on "Login"
  3- copy paste the XSS payload after redirect=./../admin/index.php%3Fsessionid=xxxxxPASTEPAYLOADHERE
  4-Forward the request and you can see XSS is triggered.