Reflected XSS in send2friend.php in thorsten/phpmyfaq

Valid

Reported on

Feb 17th 2023


Description

There is a reflected XSS in send2friend because the 'artlang' parameter is not sanitized.

Proof of Concept

Visit http://phpmyfaq.local/?action=send2friend&artlang=aaaa"%3E%3Cscript%3Ealert(1);%3C/script%3E

Fix

Sanitize the '$faqLanguage' variable in https://github.com/thorsten/phpMyFAQ/blob/main/phpmyfaq/send2friend.php#L70
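
The pattern behind this report and the kind of fix suggested, as an added example (not phpMyFAQ's code and not the contents of the fix commit). It assumes the value is written into a double-quoted HTML attribute, which is what the `">` at the start of the payload implies; the function names, the field name and the language-code format are hypothetical.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers for illustration; names are not taken from phpMyFAQ.

/** "Before": the raw query value is placed into an attribute unchanged. */
function renderLangFieldUnsafe(array $query): string
{
    $faqLanguage = $query['artlang'] ?? '';
    return '<input type="hidden" name="lang" value="' . $faqLanguage . '">';
}

/**
 * "After": accept only values shaped like a language code, then encode
 * for the HTML attribute context regardless of the validation result.
 */
function renderLangFieldSafe(array $query, string $default = 'en'): string
{
    $faqLanguage = $query['artlang'] ?? $default;

    // Assumed format: "en", "de", "pt_br", "zh-tw". Arrays (artlang[]=x)
    // and anything else fall back to the default.
    if (!is_string($faqLanguage)
        || preg_match('/\A[a-z]{2,3}(?:[_-][a-z]{2,4})?\z/i', $faqLanguage) !== 1
    ) {
        $faqLanguage = $default;
    }

    // ENT_QUOTES encodes both quote styles, so the value cannot close the attribute.
    $encoded = htmlspecialchars($faqLanguage, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="hidden" name="lang" value="' . $encoded . '">';
}

// Constructed input: the query string from the proof of concept above.
// parse_str() URL-decodes it the same way PHP fills $_GET.
parse_str('action=send2friend&artlang=aaaa"%3E%3Cscript%3Ealert(1);%3C/script%3E', $query);

// Unsafe rendering: the value ends the attribute and the tag, then adds markup.
echo renderLangFieldUnsafe($query), PHP_EOL;

// Safe rendering: the value fails the allow-list and the default is used.
echo renderLangFieldSafe($query), PHP_EOL;

// Encoding alone also keeps the value inside the attribute as inert text.
echo htmlspecialchars($query['artlang'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'), PHP_EOL;
```

Run it with the PHP CLI and compare the three output lines; only the first contains a live script element.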

Impact

Taking over the admin account.

TsarSec modified the report a year ago
thorsten/phpmyfaq maintainer has acknowledged this report a year ago
Thorsten Rinne gave praise a year ago
Thorsten Rinne validated this vulnerability a year ago
tsarsecurity has been awarded the disclosure bounty
Thorsten Rinne marked this as fixed in 3.1.12 with commit bbc5d4 a year ago
Thorsten Rinne has been awarded the fix bounty
This vulnerability has now been published a year ago
TsarSec
a year ago

Researcher


@admin ping
