dcianciulli changed the title from "Reflected Cross-Site Scripting (XSS) vulnerability in fabrik_referrer" to "Reflected Cross-Site Scripting (XSS) vulnerability in fabrik_referrer (CVE-2018-10727)" on May 4, 2018
Issue description
A reflected Cross-Site Scripting (XSS) vulnerability in the fabrik_referrer hidden input field in fabrik forms allows remote attackers to inject arbitrary scripts via the unsanitized HTTP Referrer header.
Example
Given a fabrik form URL, for example http://www.foo.bar.com/vulnerable-form.html that contains an input field such as <input type="hidden" name="fabrik_referrer" value="http://sample.referrer.com" />, it is possible to reproduce the vulnerability by changing the referrer, for example with http://sample.referrer.com"accesskey="x"onclick="alert(1).
This may be possible via the following cURL command:
curl -H 'Referer: http://sample.referrer.com"accesskey="x"onclick="alert(1)' 'http://www.foo.bar.com/vulnerable-form.html'
CVE ID
CVE-2018-10727
Credits
Danilo Cianciulli*
Paolo Di Notte*
*: Koine Srl
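The following is an added example, not code from the issue or from Fabrik. It is a regression check that renders the hidden field with and without attribute encoding and parses the result to see whether the Referer value stays inside value="...". The two render functions are hypothetical stand-ins for the form template, and the sample header is the one from the cURL command above.

```python
from html import escape
from html.parser import HTMLParser

# Constructed sample input: the Referer value from the report's cURL command.
REFERER = 'http://sample.referrer.com"accesskey="x"onclick="alert(1)'

FIELD = '<input type="hidden" name="fabrik_referrer" value="%s" />'
EXPECTED_ATTRS = {"type", "name", "value"}


def render_unescaped(referer):
    """Hypothetical 'before' template: header copied into the attribute as-is."""
    return FIELD % referer


def render_escaped(referer):
    """Same template, value encoded for a double-quoted attribute context."""
    return FIELD % escape(referer, quote=True)


class _FieldAttrs(HTMLParser):
    """Records the attributes of the fabrik_referrer input as a parser sees them."""

    def __init__(self):
        super().__init__()
        self.attrs = None

    def handle_starttag(self, tag, attrs):
        found = dict(attrs)
        if tag == "input" and found.get("name") == "fabrik_referrer":
            self.attrs = found


def audit(html_text, referer):
    """Return (unexpected attribute names, value round-trips unchanged)."""
    parser = _FieldAttrs()
    parser.feed(html_text)
    parser.close()
    if parser.attrs is None:
        raise ValueError("fabrik_referrer input not found")
    extra = sorted(set(parser.attrs) - EXPECTED_ATTRS)
    return extra, parser.attrs.get("value") == referer


if __name__ == "__main__":
    for render in (render_unescaped, render_escaped):
        print(render.__name__, audit(render(REFERER), REFERER))
```

A non-empty list of unexpected attributes, or a value that no longer equals the header that was sent, means the quote closed the attribute early and the field needs output encoding.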