huntr report 7152B340-C6F3-4AC8-9F62-F764A267488D (josefjku)
History: Jan 23, 2023 - 9:56 p.m.

Stored XSS - allows stealing Admin and Users Cookies

2023-01-23 21:56:09
josefjku
www.huntr.dev
Tags: stored xss, cross-site-scripting, vulnerability, javascript code, admin cookies, users cookies, exploitation steps, penetration test

EPSS: 0.001 (Low), percentile 21.2%

Dear Ladies and Gentlemen,

First of all, thank you for your time and effort in reading my report.

While doing the penetration test, my brother Ahmed Hassan ([email protected]) and I were able to identify a stored XSS (cross-site scripting) vulnerability.

The process of the vulnerability:

1. Log in.
2. Go to https://roy.demo.phpmyfaq.de/admin/?action=instances
3. Type any kind of JavaScript code like <script>alert('1')</script>
4. An attacker can inject JavaScript code and steal users' and admin cookies to take over their accounts.

Through this, any attacker can inject JavaScript code and use further vulnerabilities for other exploitation steps.

Finally, I want to thank you for your time and effort, and hope to hear from you soon.

Best regards
Josef Hassan & Ahmed Hassan
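As an added illustration that is not part of this report and not phpMyFAQ's own code, the rendering pattern behind a stored XSS of this kind is shown beside its escaped form, together with an audit check over already-stored instance records. The record layout, field names and sample rows are constructed assumptions; the escaping shown is for HTML element content only, and values placed into attributes, URLs or script blocks need the encoding of that context instead.

```python
import html
import re

# Constructed sample rows standing in for an "instances" table after the
# report's payload was saved. Field names are assumptions, not phpMyFAQ's schema.
SAMPLE_INSTANCES = [
    {"id": 1, "url": "https://roy.demo.phpmyfaq.de", "instance": "roy", "comment": "main"},
    {"id": 2, "url": "https://roy.demo.phpmyfaq.de/x",
     "instance": "<script>alert('1')</script>", "comment": ""},
    {"id": 3, "url": "https://roy.demo.phpmyfaq.de/y",
     "instance": "test", "comment": '<img src=x onerror="alert(1)">'},
]


def render_row_vulnerable(row):
    """Interpolates stored values straight into markup: the bug pattern.
    Whatever was saved is handed to every admin's browser as live HTML."""
    return (f"<tr><td>{row['id']}</td><td>{row['instance']}</td>"
            f"<td>{row['comment']}</td></tr>")


def render_row_hardened(row):
    """HTML-escapes each value for the element-content context before it is
    placed in the table, so a stored <script> tag renders as text."""
    def esc(value):
        return html.escape(str(value), quote=True)
    return (f"<tr><td>{esc(row['id'])}</td><td>{esc(row['instance'])}</td>"
            f"<td>{esc(row['comment'])}</td></tr>")


# Heuristic for an incident-response audit of existing records: a tag start,
# an inline event handler, or a javascript: URL in a field that should hold
# plain names. Expect some false positives; review flagged rows by hand.
MARKUP = re.compile(r"<\s*/?\s*[a-zA-Z]|\bon[a-z]+\s*=|javascript:", re.IGNORECASE)


def find_tainted_instances(rows):
    """Returns the ids of rows whose stored values contain markup."""
    return [row["id"] for row in rows
            if any(MARKUP.search(str(v)) for v in row.values())]


if __name__ == "__main__":
    for row in SAMPLE_INSTANCES:
        print(render_row_hardened(row))
    print("rows to review:", find_tainted_instances(SAMPLE_INSTANCES))
```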
