Stored Cross-Site Scripting in Codoforum Latest Version v4.8.3

 Introduction:

Affected Product: CodoForum 4.8.3

Vendor Contact: admin@codologic.com
Vulnerability Type: Stored XSS
Remote Exploitable: Yes


Vulnerability Description

Various components of CodoForum are vulnerable to cross-site scripting, which makes it possible to inject and execute arbitrary JavaScript code. An attacker can use this, for example, to inject a JavaScript keylogger, bypass CSRF protection, perform phishing attacks, or steal other users' cookies and user agent.
The attacks can be exploited by getting the victim to click a link or visit an attacker-controlled website. Codoforum allows XSS via posts.

This is a critical stored cross-site scripting vulnerability in the latest version of Codoforum: any user or attacker can steal the cookies of admins or other users simply by posting XSS links in the forum. The payload triggers each time someone replies to that post.

The user posting mechanism is critically vulnerable to a stored cross-site scripting issue. Log in to the Codoforum application as a user. Click "Start a new topic" to post something in the forum. Craft XSS payloads in each input field (e.g. title name, content, etc.). Click Post; the post is saved on the server and appears on the front page. Click on the post and then on the reply section: the XSS triggers when the reply tab is clicked. After that, click "Start new topic": because the payload is stored on the server, it triggers each time a user clicks "Start new topic".

Reproduction Steps: 

1. Install Codoforum on localhost.
2. Go to the "Start new topic" section and create a new post using an XSS payload.
3. Give the display name and title name as the XSS payload.
4. Click the Post option; the post is saved successfully and any user can see it.
5. When any admin or user tries to reply to that post, the XSS triggers. It also triggers when any other user tries to create a new topic, because the XSS payloads are stored on the server (database).
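
The behaviour in the steps above comes from stored fields (display name, title) being echoed into other users' pages without output encoding. The following is an added example, not code from Codoforum or from this report: the function names, the markup and the sample post are hypothetical and constructed, and it shows the unencoded rendering pattern beside an encoded one together with a regression check.

```javascript
// Added example: hypothetical rendering helpers, not Codoforum source code.
const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;',
  '"': '&quot;', "'": '&#39;', '`': '&#96;',
};

// Encode a stored value for HTML text and quoted-attribute contexts.
function escapeHtml(value) {
  return String(value ?? '').replace(/[&<>"'`]/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern: stored fields are concatenated into markup as-is,
// so markup saved in the database becomes part of the page structure.
function renderReplyFormUnsafe(post) {
  return `<div class="reply" title="${post.title}">` +
         `Replying to ${post.displayName}: ${post.title}</div>`;
}

// Hardened pattern: every stored field is encoded at output time,
// regardless of what validation happened when it was saved.
function renderReplyFormSafe(post) {
  const title = escapeHtml(post.title);
  const name = escapeHtml(post.displayName);
  return `<div class="reply" title="${title}">` +
         `Replying to ${name}: ${title}</div>`;
}

// Regression check: the template itself opens exactly one element (<div>).
// Any additional opening tag in the output came from stored data.
function countOpeningTags(html) {
  return (html.match(/<[a-zA-Z]/g) || []).length;
}

// Constructed sample record: harmless markup in the two fields named in the
// reproduction steps (display name and title).
const storedPost = {
  displayName: '<i>constructed name</i>',
  title: '"><b>constructed title</b>',
};

console.log('unsafe tags:', countOpeningTags(renderReplyFormUnsafe(storedPost)));
console.log('safe tags:  ', countOpeningTags(renderReplyFormSafe(storedPost)));
```

A check like `countOpeningTags` can run in a test suite against every view that renders user-supplied fields, including the reply tab and the new-topic page named in the steps.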

POC:


