phpMyFAQ 2.9.8 Cross Site Scripting

phpMyFAQ version 2.9.8 suffers from a persistent cross site scripting vulnerability.


MD5 | 2b2916bf8ae5e462ba6e63e2b70a1165

# Exploit Title: phpMyFAQ 2.9.8 Stored XSS
# Vendor Homepage: http://www.phpmyfaq.de/
# Software Link: http://download.phpmyfaq.de/phpMyFAQ-2.9.8.zip
# Exploit Author: Ishaq Mohammed
# Contact: https://twitter.com/security_prince
# Website: https://about.me/security-prince
# Category: webapps
# CVE: CVE-2017-14618

1. Description

Cross-site scripting (XSS) vulnerability in inc/PMF/Faq.php in phpMyFAQ
through 2.9.8 allows remote attackers to inject arbitrary web script or
HTML via the Questions field in an "Add New FAQ" action.

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14618

2. Proof of Concept

Steps to Reproduce:
1. Open the affected link "http://localhost/phpmyfaq/
admin/?action=editentry" with logged in user with administrator privileges
2. Enter the <a onmouseover=alert(document.cookie)>xss link</a> in the
aQuestionsa
3. Save the FAQ
4. Login using any other user or simply click on the phpMyFAQ on the
top-right hand side of the web portal
5. Click on the latest FAQ added
6. Hover around the name "xss link"


3. Solution:

The issue is now patched by the vendor
https://github.com/thorsten/phpMyFAQ/commit/30b0025e19bd95ba28f4eff4d25967
1e7bb6bb86

--
Best Regards,
Ishaq Mohammed
https://about.me/security-prince

Related Posts

Comments