stored XSS through Question sending in thorsten/phpmyfaq

Valid

Reported on Jan 23rd 2023


Dear Ladies and Gentlemen,

First of all, thank you for your time and effort in reading my Report.

While doing the Penetration Test, my Brother Ahmed Hassan (hassanahmed8199@gmail.com) and I were able to identify another stored XSS (Cross-Site Scripting) Injection Vulnerability.

The Process of the Vulnerability:

1. Login
2. Go to https://roy.demo.phpmyfaq.de/index.php?action=ask&category_id=0
3. Any User will be able to submit questions that need to be verified by the Administrator.
4. As soon as the Administrator reviews the Question and accepts it, the JavaScript Code will work after a refresh.
5. The User can submit JavaScript Code and it will run as Code.
6. Type any kind of JavaScript Code like <script>alert('1')</script>
7. The Attacker can inject JavaScript Code and steal the Admin Cookies

Through this, any Attacker can inject JavaScript Code and use further Vulnerabilities to use other Exploitation Steps.

Finally, I want to thank you for your time and effort, and hope to hear from you soon.

Best regards Josef Hassan & Ahmed Hassan
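
The report comes down to stored question text reaching the administrator's browser without HTML encoding. The sketch below is an added example, not phpMyFAQ's code and not the change made in commit b76d58; the row shape and the function names (renderRowUnsafe, renderRowSafe, e) are hypothetical, and the sample rows are constructed. It puts an unencoded render next to an encoded one, using the payload from the report as stored input.

```php
<?php
declare(strict_types=1);

// Constructed sample rows standing in for user-submitted questions that are
// waiting for admin review (hypothetical shape, not phpMyFAQ's schema).
$pendingQuestions = [
    ['id' => 1, 'author' => 'alice', 'question' => 'How do I reset my password?'],
    ['id' => 2, 'author' => 'mallory', 'question' => "<script>alert('1')</script>"],
];

// Before: stored text is concatenated into markup as-is, so the browser
// parses the second row's <script> element when the admin opens the list.
function renderRowUnsafe(array $row): string
{
    return '<tr><td>' . $row['author'] . '</td><td>' . $row['question'] . "</td></tr>\n";
}

// HTML-encode a value for element content and quoted attribute values.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// After: every user-controlled field is encoded at output time, so the
// payload is displayed as text instead of being executed.
function renderRowSafe(array $row): string
{
    return sprintf(
        "<tr data-id=\"%d\"><td>%s</td><td>%s</td></tr>\n",
        $row['id'],
        e($row['author']),
        e($row['question'])
    );
}

foreach ($pendingQuestions as $row) {
    echo 'unsafe: ', renderRowUnsafe($row);
    echo 'safe:   ', renderRowSafe($row);
}

// Regression check: no raw tag may survive in the encoded row.
if (strpos(renderRowSafe($pendingQuestions[1]), '<script') !== false) {
    throw new RuntimeException('stored question was rendered without encoding');
}
```

Encoding at output time covers questions that were already stored before a fix as well as new submissions.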

We are processing your report and will contact the thorsten/phpmyfaq team within 24 hours. (a year ago)
We have contacted a member of the thorsten/phpmyfaq team and are waiting to hear back (a year ago)
thorsten/phpmyfaq maintainer has acknowledged this report (a year ago)
Thorsten Rinne validated this vulnerability (a year ago)
josefjku has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
Thorsten Rinne marked this as fixed in 3.1.11 with commit b76d58 (a year ago)
Thorsten Rinne has been awarded the fix bounty
This vulnerability has now been published (a year ago)