huntr | Ahmedvienna | 9E21156B-AB1D-4C60-88EF-8C9F3E2FEB7F
History: Jan 21, 2023 - 11:09 p.m.

HTML-Injection

2023-01-21 23:09:46
ahmedvienna
www.huntr.dev
14
html-injection
penetration test
reflected
vulnerability
exploitation

EPSS: 0.001 (Low)

Percentile: 30.4%

Dear Ladies and Gentlemen,

First of all, thank you for your time and effort reading my report.

While doing the penetration test, I was able to identify a reflected HTML-Injection.

The Process of the Vulnerability:

  1. Login
  2. Go to https://roy.demo.phpmyfaq.de/admin/?action=tags
  3. Type any kind of HTML Code and it will be interpreted as HTML Code
    Example for the HTML Code:
    <h1> HTML INJECTION BY AHMED HASSAN</h1>
    or
    </h2>special offer <a href>malicious link</a><h2>

The attacker can inject links, phishing links, etc. to inject malicious code.

Through this, any attacker can inject HTML code and use further vulnerabilities to use other exploitation steps.

At the end, I want to thank you for your time and effort and hope to hear from you soon.

Best regards
Ahmed Hassan
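
A regression check for the behaviour reported above, as an added example that is not part of the original report or of phpMyFAQ's code: it renders the report's two payloads with and without output encoding and lists any elements the template did not emit. `ROW`, `render_raw` and `render_escaped` are hypothetical stand-ins for the admin tags view, whose real template is not shown on the page.

```python
import html
from html.parser import HTMLParser

# Hypothetical stand-in for the admin tags view (assumption, not phpMyFAQ code).
ROW = '<tr><td class="tag-name">{name}</td></tr>'
TEMPLATE_TAGS = {"tr", "td"}  # elements the template itself emits

# The two payloads quoted in the report.
PAYLOADS = [
    "<h1> HTML INJECTION BY AHMED HASSAN</h1>",
    "</h2>special offer <a href>malicious link</a><h2>",
]

def render_raw(name):
    """Behaviour described in the report: the value reaches the page unencoded."""
    return ROW.format(name=name)

def render_escaped(name):
    """Output-encode at the point of rendering so markup is shown as text."""
    return ROW.format(name=html.escape(name, quote=True))

class _Collector(HTMLParser):
    """Records every element name and all text the parser sees."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.tags, self.text = set(), []
    def handle_starttag(self, tag, attrs):
        self.tags.add(tag)
    def handle_endtag(self, tag):
        self.tags.add(tag)
    def handle_data(self, data):
        self.text.append(data)

def _parse(page):
    c = _Collector()
    c.feed(page)
    c.close()
    return c

def injected_elements(page):
    """Element names present in the page that the template did not emit."""
    return _parse(page).tags - TEMPLATE_TAGS

def visible_text(page):
    """Text a browser would display, with character references decoded."""
    return "".join(_parse(page).text)

if __name__ == "__main__":
    for p in PAYLOADS:
        print(sorted(injected_elements(render_raw(p))), injected_elements(render_escaped(p)))
```

The same assertion (no elements outside the template's own set, and the stored value displayed verbatim as text) can be run against the real rendered page once a fix is deployed.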
