CVE-2021-27520: Cross Site Scripting · Issue #2 · fudforum/FUDforum
A cross-site scripting (XSS) issue in FUDForum 3.1.0 allows remote attackers to inject JavaScript via index.php in the “author” parameter.
What is XSS
Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser-side script, to a different end-user. Flaws that allow these attacks to succeed are quite widespread and occur anywhere a web application uses input from a user within the output it generates without validating or encoding it.
Affected Version- 3.1.0
Demo installation: https://localhost/fudforum/
XSS 1
Vulnerable parameter- srch
Vulnerable URL- https://localhost/fudforum/index.php?SQ=a5b48c6fe751b3278e1627b975b97beb&btn_submit=&srch=&t=search
Steps to reproduce the bug:
1- Go to https://localhost/fudforum/index.php?t=search&
2- In “forum search” option, paste XSS payload
XSS payload: x" onmouseover=alert(1) x="
3- Hover your mouse over “x” and XSS will get triggered
Video POC: https://drive.google.com/file/d/19M4cGB-fL5V_fPJ7tsxlfv6WKgNYDqla/view?usp=sharing
XSS 2
Vulnerable parameter- author
Vulnerable URL- https://localhost/fudforum/index.php?SQ=895de6292fa97eaee3e94fad7f3e1884&t=search&srch=&btn_submit=Search&field=all&forum_limiter=&attach=0&search_logic=AND&sort_order=REL&author=
Steps to reproduce the bug:
1- Go to https://localhost/fudforum/index.php?t=search&
2- In the “Filter by User” search option, paste XSS payload
XSS payload: y" onmouseover=alert(2) y="
3- Hover your mouse over “y” and XSS will get triggered
Video POC: https://drive.google.com/file/d/16HfYLKXvoDSOMdi_ysH708X95IDvxuDq/view?usp=sharing
Impact of XSS:
If an attacker can control a script that is executed in the victim’s browser, then they can typically fully compromise that user. Amongst other things, the attacker can:
- Perform any action within the application that the user can perform.
- View any information that the user is able to view.
- Modify any information that the user is able to modify.
- Initiate interactions with other application users, including malicious attacks, that will appear to originate from the initial victim user.
- With the help of XSS, a hacker or attacker can perform social engineering on users by redirecting them from the real website to a fake one. The hacker can steal their cookies and download malware onto their system, and there are many more attack scenarios a skilled attacker can perform with XSS.
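
The fix for both search fields is output encoding for the HTML attribute context. The following is an added example, not code from FUDforum or from the reporter: it assumes the `srch` and `author` values are echoed back into a double-quoted attribute (which the shape of the two payloads suggests), and its function names are hypothetical. It renders each field without and with encoding, then parses the result to list the attributes a browser would see.

```php
<?php
// Added example; function names are hypothetical, not FUDforum's own code.

// Unsafe: request value concatenated into a double-quoted attribute.
function render_field_unsafe(string $name, string $value): string
{
    return '<input type="text" name="' . $name . '" value="' . $value . '">';
}

// Hardened: encode for the attribute context; ENT_QUOTES covers " and '.
function render_field_safe(string $name, string $value): string
{
    $enc = static fn(string $s): string =>
        htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="text" name="' . $enc($name) . '" value="' . $enc($value) . '">';
}

// Parse the markup and return the attribute names a browser would see.
function input_attribute_names(string $html): array
{
    $doc = new DOMDocument();
    libxml_use_internal_errors(true); // keep parser warnings out of the output
    $doc->loadHTML($html);
    libxml_clear_errors();
    $names = [];
    foreach ($doc->getElementsByTagName('input')->item(0)->attributes as $attr) {
        $names[] = $attr->nodeName;
    }
    return $names;
}

// The two parameters and payloads quoted in the report.
$cases = [
    'srch'   => 'x" onmouseover=alert(1) x="',
    'author' => 'y" onmouseover=alert(2) y="',
];

foreach ($cases as $param => $payload) {
    $unsafe = input_attribute_names(render_field_unsafe($param, $payload));
    $safe   = input_attribute_names(render_field_safe($param, $payload));
    printf("%-6s unsafe attrs: %s\n", $param, implode(', ', $unsafe));
    printf("%-6s safe attrs:   %s\n", $param, implode(', ', $safe));
    // Regression check: encoding must keep the payload inside value="...".
    if ($safe !== ['type', 'name', 'value']) {
        throw new RuntimeException("attribute breakout still possible for $param");
    }
}
```

The unsafe rendering gains an `onmouseover` attribute from the request value, while the encoded rendering keeps the whole payload inside `value`. The same attribute-listing check can be kept as a regression test for any template that reflects request parameters.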