stored HTML-Injection in the FAQ-Proposal in thorsten/phpmyfaq

Valid

Reported on

Jan 24th 2023


Dear Ladies and Gentlemen,

First of all, thank you for your time and effort in reading my Report. While doing the Penetration Test, my Brother Josef Hassan (mohammedzidan99@gmail.com) and I were able to identify another stored HTML-Injection Vulnerability in the FAQ-Proposal Form. The Process of the Vulnerability:

  1. Login
  2. Go to https://roy.demo.phpmyfaq.de/index.php?sid=61&lang=de&action=add&cat=0
  3. Any User will be able to submit questions that need to be verified by the Administrator.
  4. As soon as the Administrator reviews the Question and accepts it, the HTML Code will work after a refresh.
  5. The User can submit HTML code and it will run as Code.
  6. Type any kind of JavaScript Code like <h1>1</h1>

The Attacker can inject HTML Code to do further malicious things like Phishing, Malware Download, redirecting to malicious Sites etc. Through this, any Attacker can inject HTML Code and use further Vulnerabilities to use other Exploitation Steps.

Finally, I want to thank you for your time and effort, and hope to hear from you soon.

Best regards Ahmed Hassan & Josef Hassan
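
The class of defect reported above is a stored value written into a page without output encoding. The following is an added example, not code from the report or from phpMyFAQ: it shows an unencoded template beside an encoded one and a small regression check, using the `<h1>1</h1>` value from the report. The record shape and the function names `renderUnsafe`, `renderSafe`, `e` and `rendersRawMarkup` are hypothetical.

```php
<?php
declare(strict_types=1);

// Hypothetical record shape for a stored FAQ proposal (constructed sample data,
// not phpMyFAQ's schema). The question field carries the markup from the report.
$proposal = [
    'author'   => 'demo-user',
    'question' => '<h1>1</h1>',
    'answer'   => 'Plain text with "quotes" & an ampersand',
];

// Before: stored text is concatenated into the page, so the browser parses it as markup.
function renderUnsafe(array $p): string
{
    return '<li><strong>' . $p['question'] . '</strong><p>' . $p['answer'] . '</p></li>';
}

// Encode for the HTML body and quoted-attribute contexts at output time.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// After: every stored field is encoded at the point where it is written into HTML.
function renderSafe(array $p): string
{
    return '<li><strong>' . e($p['question']) . '</strong><p>' . e($p['answer']) . '</p></li>';
}

// Regression check: does the template output still contain the stored value as raw markup?
function rendersRawMarkup(string $html, string $stored): bool
{
    return $stored !== strip_tags($stored) && strpos($html, $stored) !== false;
}

// Render the same stored proposal through both templates and report the difference.
foreach (['renderUnsafe', 'renderSafe'] as $fn) {
    $html = $fn($proposal);
    $raw  = rendersRawMarkup($html, $proposal['question']) ? 'yes' : 'no';
    printf("%-12s raw markup: %s\n  %s\n", $fn, $raw, $html);
}
```

Encoding at output time covers every view that displays the stored proposal, including the administrator's review screen, regardless of how the value was submitted.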

We are processing your report and will contact the thorsten/phpmyfaq team within 24 hours. 10 months ago
We have contacted a member of the thorsten/phpmyfaq team and are waiting to hear back 10 months ago
thorsten/phpmyfaq maintainer has acknowledged this report 10 months ago
Thorsten Rinne gave praise 10 months ago
The researcher's credibility has slightly increased as a result of the maintainer's thanks: +1
Thorsten Rinne validated this vulnerability 10 months ago
Ahmed Hassan has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
Thorsten Rinne marked this as fixed in 3.1.11 with commit 40515c 10 months ago
Thorsten Rinne has been awarded the fix bounty
This vulnerability has been assigned a CVE
This vulnerability is scheduled to go public on Feb 28th 2023
Thorsten Rinne published this vulnerability 10 months ago