A stored xss vulnerability in "/account/details.php" of WebsiteBaker 2.10.0

Description:
WebsiteBaker 2.10.0 has a stored XSS vulnerability in "/account/details.php".

Details:
More details will be released after the issue is fixed (90 days after the fix).

Credit:
This bug was discovered by ADLab of VenusTech.

Details(public):
-------------------------------------------------------------------------------------------------------------
In "/account/details.php":
    Line 22 has a variable named $display_name whose value is controlled by the client (browser) side.
    Line 47 writes $display_name to the database after passing it through escapeString.

After checking the rendered HTML, we found that escapeString does not neutralize $display_name: it only escapes the value for the SQL statement, so the stored value is later written back into the page unencoded and the payload executes.

POC: 
   URL: http://localhost/websitebaker/account/preferences.php
   POST:action=details&display_name=233" onfocus="alert(/xss/)" autofocus="123
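The following PHP snippet is an added example, not WebsiteBaker's own code, illustrating the defect class the advisory describes: an SQL escaping routine protects the INSERT statement, but the database stores the original characters, so a value rendered back into an HTML attribute without output encoding still breaks out of the attribute. It uses addslashes()/stripslashes() as a stand-in for a real escapeString()/database round trip (no database connection needed), the advisory's proof-of-concept string as constructed input, and htmlspecialchars() as the mitigation; the function names render_unsafe, render_safe and injects_attribute are assumptions made for this example.

```php
<?php
// Added example (not WebsiteBaker code): why SQL escaping does not prevent
// stored XSS when a value is written back into an HTML attribute.

// Constructed input, shaped like the advisory's proof-of-concept payload.
$display_name = '233" onfocus="alert(/xss/)" autofocus="123';

// Simulate the database round trip. An SQL escaping routine such as
// mysqli_real_escape_string() (addslashes() stands in for it here) only
// protects the INSERT; the database stores the original characters, so the
// double quotes come back unchanged when the row is read.
$stored = stripslashes(addslashes($display_name));

// Vulnerable rendering pattern: raw value inside a double-quoted attribute.
function render_unsafe(string $name): string {
    return '<input type="text" name="display_name" value="' . $name . '">';
}

// Hardened rendering: encode for the HTML attribute context at output time.
// ENT_QUOTES makes both " and ' safe inside quoted attributes.
function render_safe(string $name): string {
    return '<input type="text" name="display_name" value="'
        . htmlspecialchars($name, ENT_QUOTES | ENT_HTML5, 'UTF-8') . '">';
}

// Reviewer check: did the value escape the attribute and introduce an
// event-handler attribute of its own?
function injects_attribute(string $html): bool {
    return (bool) preg_match('/\bonfocus="/', $html);
}

echo render_unsafe($stored), PHP_EOL;
echo render_safe($stored), PHP_EOL;
var_dump(injects_attribute(render_unsafe($stored)));
var_dump(injects_attribute(render_safe($stored)));
```

Run with `php example.php`. The unsafe rendering carries the payload through as a live onfocus attribute, while the hardened rendering turns every quote into `&quot;`, so the injected text stays inside the value attribute as plain data. The practical rule is that escaping belongs to the output context: SQL escaping (or, better, prepared statements) at the database boundary, and htmlspecialchars() with ENT_QUOTES at the HTML boundary.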


