GHSA-r9gv-qffm-xw6f

Published: Apr 29, 2025
Source: github
GitHub: Reviewed
CVSS3: 5.3

Description

Yeswiki Vulnerable to Unauthenticated Reflected Cross-site Scripting

Summary

Vulnerable Version: Yeswiki < v4.5.4

Category: Injection

CWE: 79: Improper Neutralization of Input During Web Page Generation (CWE-79)

CVSS: 5.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

Vulnerable Endpoint: /?BazaR/bazariframe

Vulnerable Parameter: template

Payload: <script>alert(1)</script>

Details

Reflected Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser-side script, to a different end user. Flaws that allow these attacks to succeed are quite widespread and occur anywhere a web application uses input from a user within the output it generates without validating or encoding it.

PoC

  1. Visit the endpoint as mentioned below and see that an alert box pops up: URL with Payload: https://yeswiki.net/?BazaR/bazariframe&id=2&template=%3cscript%3ealert(1)%3c%2fscript%3e

Impact

An attacker can use a reflected cross-site scripting attack to steal cookies from an authenticated user by having them click on a malicious link. Stolen cookies allow the attacker to take over the user’s session. This vulnerability may also allow attackers to deface the website or embed malicious content.
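
A log check for the request pattern shown in the PoC, as an added example that is not part of the advisory or of YesWiki's code. The combined access-log format, the rule that a legitimate `template` value is a plain file name, and every sample line are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# Assumption: legitimate template values are plain file names (e.g. "entry.tpl.html").
SAFE_TEMPLATE = re.compile(r"[A-Za-z0-9_./-]+")
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def decode(value, rounds=3):
    """URL-decode repeatedly so double-encoded markup is still seen."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def template_values(target):
    """Yield decoded `template` values sent to the BazaR/bazariframe endpoint."""
    parts = urlsplit(target).query.split("&")
    # The advisory's URL carries the route as the first query component.
    if decode(parts[0]).lower() != "bazar/bazariframe":
        return
    for part in parts[1:]:
        name, _, value = part.partition("=")
        if decode(name) == "template":
            yield decode(value)

def suspicious_templates(log_line):
    """Return template values in one access-log line that are not plain file names."""
    match = REQUEST.search(log_line)
    if not match:
        return []
    return [v for v in template_values(match.group(1)) if not SAFE_TEMPLATE.fullmatch(v)]

# Constructed sample lines (combined log format); addresses and names are made up.
SAMPLE_LOG = [
    '203.0.113.7 - - [29/Apr/2025:10:00:01 +0000] "GET /?BazaR/bazariframe&id=2'
    '&template=%3cscript%3ealert(1)%3c%2fscript%3e HTTP/1.1" 200 5120',
    '203.0.113.8 - - [29/Apr/2025:10:00:05 +0000] "GET /?BazaR/bazariframe&id=2'
    '&template=entry.tpl.html HTTP/1.1" 200 4980',
    '203.0.113.9 - - [29/Apr/2025:10:00:09 +0000] "GET /?HomePage'
    '&template=%3Cb%3E HTTP/1.1" 200 7300',
    '203.0.113.7 - - [29/Apr/2025:10:00:12 +0000] "GET /?BazaR/bazariframe&id=2'
    '&template=%253Cb%253E HTTP/1.1" 200 5120',
]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        print(suspicious_templates(line))
```

Hits on instances running a version below 4.5.4 are the ones to follow up; the fix itself is the upgrade to 4.5.4.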

Packages

Name: yeswiki/yeswiki (composer)

Affected versions: <= 4.5.3

Fixed version: 4.5.4

EPSS

Percentile: 18%
0.00058
Low

5.3 Medium

CVSS3

Weaknesses

CWE-79

Related vulnerabilities

CVSS3: 4.3
nvd
9 months ago

YesWiki is a wiki system written in PHP. Prior to version 4.5.4, an attacker can use a reflected cross-site scripting attack to steal cookies from an authenticated user by having them click on a malicious link. Stolen cookies allow the attacker to take over the user’s session. This vulnerability may also allow attackers to deface the website or embed malicious content. This issue has been patched in version 4.5.4.
