A stored XSS vulnerability in "/account/details.php" of WebsiteBaker 2.10.0

Description:
WebsiteBaker 2.10.0 has a stored XSS vulnerability in "/account/details.php".

Details:
More details will be released after it is fixed (90 days after being fixed).

Credit:
This bug was discovered by ADLab of VenusTech.

Details (public):
-------------------------------------------------------------------------------------------------------------
In "/account/details.php":
    Line 22 has a variable named $display_name, which can be controlled from the browser side.
    Line 47 writes $display_name to the database with escapeString.

After checking the HTML, we found that $display_name can bypass escapeString.

POC: 
   URL: http://localhost/websitebaker/account/preferences.php
   POST:action=details&display_name=233" onfocus="alert(/xss/)" autofocus="123
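
The following PHP sketch is an added example, not WebsiteBaker code and not the reporter's: it shows why escaping on the database write does not stop the POC value from breaking out of an HTML attribute when it is read back, next to output encoding with htmlspecialchars. The helper names, the input-field markup and the use of addslashes as a stand-in for escapeString are assumptions.

```php
<?php
// Added illustration; not WebsiteBaker source code.
// Assumption: escapeString() performs SQL string escaping only. sqlEscape()
// is a hypothetical stand-in (addslashes) so the script runs without a DB.
function sqlEscape(string $s): string {
    return addslashes($s);
}

// What the database hands back on SELECT: the SQL layer consumes the
// backslashes, so the submitted bytes are stored and returned unchanged.
function storeAndLoad(string $s): string {
    return stripslashes(sqlEscape($s));
}

// Unsafe rendering: value placed into a double-quoted attribute as-is.
// Assumption: the display name is echoed into an input field like this one.
function renderUnsafe(string $displayName): string {
    return '<input type="text" name="display_name" value="' . $displayName . '" />';
}

// Hardened rendering: encode for the HTML attribute context at output time.
function renderSafe(string $displayName): string {
    $encoded = htmlspecialchars($displayName, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="text" name="display_name" value="' . $encoded . '" />';
}

// Input-side check (hypothetical policy): letters, digits, space . _ -
function isValidDisplayName(string $s): bool {
    return preg_match('/^[\p{L}\p{N} ._-]{1,64}$/u', $s) === 1;
}

// The display_name value from the POC above.
$poc = '233" onfocus="alert(/xss/)" autofocus="123';
$stored = storeAndLoad($poc);

echo "stored == submitted: ", var_export($stored === $poc, true), "\n";
echo "unsafe: ", renderUnsafe($stored), "\n";
echo "safe:   ", renderSafe($stored), "\n";
echo "passes validation: ", var_export(isValidDisplayName($poc), true), "\n";
```

In the unsafe output the double quote closes the value attribute and the remaining text is parsed as new attributes; in the safe output the quotes appear as `&quot;` and the whole string stays inside the value.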


