Reflected XSS at upload file in admidio/admidio

Valid

Reported on

Jul 17th 2023


Description

1/ Access to the demo website and login (at this case I used user admin)

2/ At function upload photo to an album, try upload a file with the name is payload XSS.

3/ The payload will be triggered at error content.

Proof of Concept

Video PoC: https://drive.google.com/file/d/1FyK2Oko0bEEAUbUmDoxP4LAls_2uMqeD/view?usp=sharing

Impact

Cross site scripting attacks can have devastating consequences. Code injected into a vulnerable application can exfiltrate data or install malware on the user’s machine. Attackers can masquerade as authorized users via session cookies, allowing them to perform any action allowed by the user account.

We are processing your report and will contact the admidio team within 24 hours. 7 months ago
We have contacted a member of the admidio team and are waiting to hear back 7 months ago
Markus
7 months ago

Maintainer


Could you please give an example of a file name that will execute at error. In your screenshot you show the result of the error message.

Chuu
7 months ago

Researcher


hi @maintainer, I'm sorry for not providing the file name. Filename with payload XSS is "><img src=x onerror=alert('XSS')>

Markus Faßbender validated this vulnerability 7 months ago
uonghoangminhchau has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
Markus Faßbender marked this as fixed in 4.2.11 with commit a9955b 7 months ago
Markus Faßbender has been awarded the fix bounty
This vulnerability has now been published 6 months ago
to join this conversation