Skip to content

RageFrame2 2.6.43 has a reflective XSS vulnerability #111

Open
@Hebing123

Description

@Hebing123

Summary

RageFrame2 2.6.43 has a reflective cross-site scripting (XSS) vulnerability. An attacker can execute malicious code in the admin's browser by inducing the admin to click on a link containing malicious code.

Details

RageFrame2 2.6.43 does not sufficiently filter the upload_drive parameter, allowing an attacker to insert arbitrary html code by prematurely ending the script tag with the </script> closing.

Proof of Concept (POC)

http(s)://your-ip/backend/file/selector?boxId=1&multiple=0&upload_drive=local%3C/script%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E&upload_type=images
image

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions