
XSS via Image File #6471

Open
rahadchowdhury opened this issue Apr 16, 2023 · 0 comments


If you have the ChurchCRM software running, please file an issue using the Report an issue in the help menu.

On what page in the application did you find this issue?

I found the issue on the CSVImport.php page.

On what type of server is this running? Dedicated / Shared hosting? Linux / Windows?

Windows Server

What browser (and version) are you running?

Brave browser [Version 1.50.119 Chromium: 112.0.5615.121]

What version of PHP is the server running?

7.4.29

What version of SQL Server are you running?

Apache/2.4.53 (Win64) OpenSSL/1.1.1n PHP/7.4.29

What version of ChurchCRM are you running?

v4.5.4

Description:
I found a Cross-site scripting (XSS) vulnerability in your ChurchCRM (v4.5.4): under the "Admin" menu, on the CSV Import page, there is an "Import data" CSV uploader option. When I upload an image file there with malicious code inserted into the image, the browser gives me the result, because a browser cannot know whether the script should be trusted or not.

CMS Version:
v4.5.4

Affected URL:
http://127.0.0.1/churchcrm/CSVImport.php

Steps to Reproduce:

  1. First log in to your admin panel.
  2. Then click the "Admin" menu and click "CSV Import", and you will get the CSV file uploader option.

     (screenshot1)

  3. Now insert the XSS payload in a jpg file using exiftool or from the image properties.

     (screenshot2)

  4. After that, upload the jpg file.
  5. You will see the XSS pop-up.

     (screenshot3)

Proof of Concept:
You can see the Proof of Concept in the attached screenshots and video, which confirm the vulnerability.

poc.mp4

Impact:
Attackers can make use of this to conduct attacks like phishing, steal sessions etc.

Let me know if any further info is required.

Thanks & Regards
Rahad Chowdhury
Cyber Security Specialist
https://www.linkedin.com/in/rahadchowdhury/
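The report above describes the classic shape of a stored/reflected XSS through an upload: a non-CSV file is accepted by the importer, and text taken from that file (or from the file name) reaches the browser unencoded. The following is an added example written for this page; it is not ChurchCRM's code and does not claim to show how CSVImport.php actually renders the upload. The function names, the form field name `csvfile` and the page markup are assumptions. It shows the two defences a reviewer would ask for: reject uploads whose sniffed content type is not CSV, and HTML-encode every string derived from the upload before it is written into the page.

```php
<?php
// Added example, not ChurchCRM code. Function names, the "csvfile" field name
// and the markup below are assumptions made for illustration.

declare(strict_types=1);

// 1. Accept only what the page is for. A CSV importer has no reason to take a
//    JPEG; decide by sniffed content type (finfo), never by file extension.
function isAcceptedCsvUpload(string $tmpPath): bool
{
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime  = $finfo->file($tmpPath);
    // Plain CSV is reported as text/plain or text/csv; an image (image/jpeg for
    // the file in the report) is refused before any of its contents are read.
    return in_array($mime, ['text/plain', 'text/csv'], true);
}

// 2. Never write upload-derived text into HTML without encoding. The original
//    file name, parsed CSV cells, and EXIF tags (if an image were ever read)
//    are all attacker-controlled.
function esc(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Vulnerable pattern: raw interpolation. A file name or cell containing
// <script>...</script> is handed to the browser as markup and executes.
function renderUnsafe(string $originalName, array $rows): string
{
    $html = "<p>Imported $originalName</p><table>";
    foreach ($rows as $row) {
        $html .= '<tr><td>' . implode('</td><td>', $row) . '</td></tr>';
    }
    return $html . '</table>';
}

// Hardened pattern: identical output shape, but every untrusted string goes
// through esc() first, so the same payload is displayed as literal text.
function renderSafe(string $originalName, array $rows): string
{
    $html = '<p>Imported ' . esc($originalName) . '</p><table>';
    foreach ($rows as $row) {
        // fgetcsv() yields [null] for a blank line; cast before encoding.
        $cells = array_map(fn($c) => esc((string) $c), $row);
        $html .= '<tr><td>' . implode('</td><td>', $cells) . '</td></tr>';
    }
    return $html . '</table>';
}

// Request handling for the assumed form field "csvfile".
if (($_FILES['csvfile']['error'] ?? UPLOAD_ERR_NO_FILE) === UPLOAD_ERR_OK) {
    $tmp  = $_FILES['csvfile']['tmp_name'];
    $name = $_FILES['csvfile']['name'];   // client-supplied, treat as untrusted

    if (!isAcceptedCsvUpload($tmp)) {
        http_response_code(400);
        echo '<p>Only CSV files are accepted.</p>';
        exit;
    }

    $rows = [];
    $fh = fopen($tmp, 'rb');
    while (($row = fgetcsv($fh)) !== false) {
        $rows[] = $row;
    }
    fclose($fh);

    echo renderSafe($name, $rows);   // renderUnsafe($name, $rows) is the bug
}
```

The content-type check alone closes the path described in the report (an image is never parsed), but the output encoding is the fix that actually matters: a CSV cell can carry the same payload as an EXIF tag, so any page that echoes imported values must encode them regardless of what the upload claims to be. A `Content-Security-Policy` header that disallows inline script is a useful second layer, since it keeps an encoding slip from being directly exploitable.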
