rageframe2
RageFrame2 2.6.43 has a reflective XSS vulnerability
Summary
RageFrame2 2.6.43 has a reflected cross-site scripting (XSS) vulnerability. An attacker can execute malicious script in the admin's browser by inducing the admin to click on a link that carries the malicious code in its query parameters.
Details
RageFrame2 2.6.43 does not sufficiently filter several request parameters before reflecting them into the page, which allows an attacker to inject arbitrary HTML by closing the enclosing ul tag early with a double quote.
Proof of Concept (POC)
http(s)://your-ip/backend/file/selector?boxId=1&multiple=0&upload_drive=local%3C/script%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E&upload_type=images
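As an added illustration (not RageFrame2's own code), the reflection pattern behind this class of bug in plain PHP beside its context-encoded form. The parameter name upload_drive is taken from the PoC above; the surrounding markup and the function names are assumed.

```php
<?php
// Added illustration, not RageFrame2's own code. Only the parameter name
// 'upload_drive' comes from the advisory; the page structure is assumed.

// Vulnerable pattern: a request parameter is reflected verbatim into an
// attribute on the <ul> element and into an inline <script> block.
function render_vulnerable(array $get): string
{
    $drive = $get['upload_drive'] ?? '';
    return '<ul data-drive="' . $drive . '"></ul>' . "\n"
         . '<script>var drive = "' . $drive . '";</script>';
}

// Hardened pattern: encode the value for the exact context it lands in.
function render_safe(array $get): string
{
    $drive = $get['upload_drive'] ?? '';
    // HTML attribute context: entity-encode, including both quote characters,
    // so a double quote in the value cannot terminate the attribute or tag.
    $attr = htmlspecialchars($drive, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    // Inline script context: JSON-encode and hex-escape < > & ' " so that a
    // literal "</script>" inside the value cannot close the script element.
    $js = json_encode($drive, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
    return '<ul data-drive="' . $attr . '"></ul>' . "\n"
         . '<script>var drive = ' . $js . ';</script>';
}

// Constructed input (already URL-decoded) that breaks out of both contexts:
// the double quote ends the attribute, "</script>" ends the script block.
$input = ['upload_drive' => 'local"</script><b>injected</b>'];

echo render_vulnerable($input), "\n\n";
// A new <b> element and a closed script block appear in the vulnerable output.

echo render_safe($input), "\n";
// In the safe output the value is local&quot;&lt;/script&gt;... in the
// attribute and "local\u0022\u003C/script\u003E..." in the JS string, so the
// browser never parses a new tag.
```

The same rule applies to every reflected parameter on the page, not only the one shown; each sink needs the encoding that matches its own context.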