phpMyFAQ 2.9.8 Cross Site Scripting

phpMyFAQ version 2.9.8 suffers from a persistent cross site scripting vulnerability where an attacker can embed malicious script code in the title of the faq.


MD5 | 6642a0d4af122419de48faf1002027e6

# Exploit Title: phpMyFAQ 2.9.8 Stored XSS
# Vendor Homepage: http://www.phpmyfaq.de/
# Software Link: http://download.phpmyfaq.de/phpMyFAQ-2.9.8.zip
# Exploit Author: Ishaq Mohammed
# Contact: https://twitter.com/security_prince
# Website: https://about.me/security-prince
# Category: webapps
# CVE: CVE-2017-14619

1. Description

Cross-site scripting (XSS) vulnerability in phpMyFAQ through 2.9.8 allows
remote attackers to inject arbitrary web script or HTML via the "Title of
your FAQ" field in the Configuration Module.

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14619

2. Proof of Concept

Steps to Reproduce:

1. Open the affected link http://localhost/phpmyfaq/admin/?action=config
with logged in user with administrator privileges
2. Enter the <marquee onscroll=alert(document.cookie)> in the aTitle of
your FAQ fielda
3. Save the Configuration
4. Login using any other user or simply click on the phpMyFAQ on the
top-right hand side of the web portal


3. Solution:

The Vulnerability will be fixed in the next release of phpMyFAQ

--
Best Regards,
Ishaq Mohammed
https://about.me/security-prince

Related Posts