===================================================================================
Fork-CMS Stored XSS:
Stored XSS:
Author: Rafay Baloch
Introduction:
Cross Site scritping (XSS) has been a problem for ages, XSS occurs when the
input data is copied into application
responses without being sanitized properly. Normally their are three types
of XSS (Cross Site Scritping) attacks.
1. Non Persistent (REFELECTED)
2. Persistent (STORED)
3. DOM Based XSS
Impact:
- Stealing cookies (Since javascript is able to access document.cookie).
- Phishing attacks
- Spreading malware
- Taking over the entire browsers by exloiting the vulnerablities present
inside the browser.
Proof OF Concept:
The admin IDS input is not being sanitized properly. Therefore resulting in
a Stored XSS.
Payload: "><img src=x onerror=prompt(0);>
Target URL: http://demo.fork-cms.com/private/en/settings/index
Mitigations:
- Make sure any user input should be properly sanitized and should be
properly html encoded before
it's copied into application responses any time.
- Dangerous html characters should be replaces by corresponding html
entities before copied into the application response.
//The information contained within this publication is
//supplied "as-is"with no warranties or guarantees of fitness
//of use or otherwise. Bot24, Inc nor Bradley Sean Susser accepts
//responsibility for any damage caused by the use or misuse of
//this information