bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/php/webapps/42761.txt
Offensive Security 36c084c351 DB: 2021-09-03 
45419 changes to exploits/shellcodes

2 new exploits/shellcodes

Too many to list!
2021-09-03 13:39:06 +00:00

37 lines
No EOL
1.2 KiB
Text
Raw Blame History

# Exploit Title: phpMyFAQ 2.9.8 Stored XSS
# Vendor Homepage: http://www.phpmyfaq.de/
# Software Link: http://download.phpmyfaq.de/phpMyFAQ-2.9.8.zip
# Exploit Author: Ishaq Mohammed
# Contact: https://twitter.com/security_prince
# Website: https://about.me/security-prince
# Category: webapps
# CVE: CVE-2017-14618
1. Description
Cross-site scripting (XSS) vulnerability in inc/PMF/Faq.php in phpMyFAQ
through 2.9.8 allows remote attackers to inject arbitrary web script or
HTML via the Questions field in an "Add New FAQ" action.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14618
https://securityprince.blogspot.fr/2017/10/cve-2017-14618-phpmyfaq-298-cross-site.html
2. Proof of Concept
Steps to Reproduce:
1. Open the affected link "
http://localhost/phpmyfaq/admin/?action=editentry" with logged in user
with administrator privileges
2. Enter the <a onmouseover=alert(document.cookie)>xss link</a> in the
“Questions”
3. Save the FAQ
4. Login using any other user or simply click on the phpMyFAQ on the
top-right hand side of the web portal
5. Click on the latest FAQ added
6. Hover around the name "xss link"
3. Solution:
This vulnerability will be fixed in phpMyFAQ 2.9.9
Reference in a new issue View git blame Copy permalink