HTML Injection Leads to Open Redirection in froxlor/froxlor
Jul 30th 2023
HTML injection leading to open redirection is a dangerous web security issue. Attackers inject malicious HTML code into vulnerable websites, allowing them to execute harmful scripts in users' browsers. This may lead to unauthorized actions on users' behalf and redirect them to malicious sites. Proper input validation and security measures are essential to prevent this threat.
# Steps to reproduce
1. Navigate to the URL "http://192.168.2.107/admin_index.php" and log in as admin.
2. Select the admins edit functionality from Resources and click the edit button.
3. Enter the HTML payload into Custom notes and save.
4. Click the view button, then click the close button; at that point the website is redirected to a malicious website.
Proof of Concept:
- Compromised Data: Sensitive user information, like login credentials, can be stolen.
- Unauthorized Access: Attackers gain control of user accounts through exploited session cookies.
- Phishing Attacks: Users are redirected to deceptive sites, facilitating phishing schemes.
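The description above calls for input validation on fields such as Custom notes. As an added example (not Froxlor's code and not part of the original report), the PHP below renders a stored note with output encoding so markup stays inert, and audits stored notes for tags that can navigate the browser. The function names and the sample notes are hypothetical and constructed for illustration; the audit assumes PHP's DOM extension is available.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers, not Froxlor code. Assumes the PHP DOM extension.

/** Render a free-text note as text: HTML metacharacters are entity-encoded. */
function render_note_safe(string $note): string
{
    $escaped = htmlspecialchars($note, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
    return nl2br($escaped, false); // the only markup emitted is <br> for line breaks
}

/**
 * Audit helper: list the tag names in a stored note that can send the user
 * to another location. Tags only; event-handler attributes are not inspected.
 */
function note_navigation_tags(string $note): array
{
    $risky = ['a', 'area', 'base', 'form', 'meta', 'iframe', 'script'];
    $doc = new DOMDocument();
    $prev = libxml_use_internal_errors(true);   // tolerate malformed markup
    $doc->loadHTML('<div>' . $note . '</div>', LIBXML_NONET);
    libxml_clear_errors();
    libxml_use_internal_errors($prev);

    $found = [];
    foreach ($doc->getElementsByTagName('*') as $el) {
        $name = strtolower($el->nodeName);
        if (in_array($name, $risky, true)) {
            $found[$name] = true;
        }
    }
    return array_keys($found);
}

// Constructed sample notes (not the payload used in the report).
$notes = [
    "Call customer on Monday\nabout renewal",
    '<a href="https://attacker.invalid/">Close</a>',
];
foreach ($notes as $n) {
    printf("tags=%s\nhtml=%s\n\n", json_encode(note_navigation_tags($n)), render_note_safe($n));
}
```

For the second sample the audit reports `["a"]`, and the rendered output contains `&lt;a href=...` as visible text rather than a clickable link.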