| Title | chaitak-gorai blogbook latest version as of 2025/05/23 Cross Site Scripting |
|---|
| Description | A stored Cross-Site Scripting (XSS) vulnerability exists in the BlogBook application, exploitable through the user registration process and triggered within the admin panel. The application fails to adequately sanitize user-supplied input for the fullname parameter during new user account creation. Consequently, an attacker can register an account with malicious JavaScript code embedded in their fullname field. This malicious script is then stored in the application's database (as user_firstname).
The XSS payload is executed when an administrator or any privileged user navigates to the /admin/users.php page, which displays a list of registered users including their first names. The unsanitized user_firstname (containing the attacker's payload) is rendered directly on this page, causing the script to run in the administrator's browser.
This vulnerability was successfully exploited to steal session cookies (e.g., PHPSESSID) from an administrator viewing the /admin/users.php page. With the stolen administrator session cookie, an attacker can hijack the administrator's session, gaining full administrative control over the BlogBook application. This allows for unauthorized data access, modification, user impersonation, and potentially further system compromise. |
|---|
| Source | ⚠️ https://github.com/rllvusgnzm98/Report/blob/main/blogbook/BlogBook%20Stored%20XSS%20in%20User%20Registration%20via%20fullname%20Parameter%20Leading%20to%20Admin%20Account%20Takeover.md |
|---|
| User | bpy9ft (UID 85221) |
|---|
| Submission | 23/05/2025 05:58 (1 year ago) |
|---|
| Moderation | 31/05/2025 18:13 (9 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 310747 [chaitak-gorai Blogbook up to 92f5cf90f8a7e6566b576fe0952e14e1c6736513 /register_script.php fullname cross site scripting] |
|---|
| Points | 20 |
|---|
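
The rendering flaw described above, shown beside its output-encoded form, as an added example that is not part of the submission and not BlogBook's own code. The helper names (`e`, `render_user_row_unsafe`, `render_user_row`, `harden_session_cookie`) and the sample rows are assumptions; only the `user_firstname` column name comes from the report.

```php
<?php
declare(strict_types=1);

// Added example: hypothetical helpers, not taken from the BlogBook code base.

/** Encode a value for an HTML text node or a quoted attribute. */
function e(string $value): string
{
    // ENT_QUOTES covers both quote styles; ENT_SUBSTITUTE replaces invalid
    // UTF-8 instead of returning an empty string.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** The pattern the report describes: the stored value is echoed as-is. */
function render_user_row_unsafe(array $user): string
{
    return '<tr><td>' . $user['user_firstname'] . '</td></tr>';
}

/** Hardened form: encode at the point of output, whatever was stored. */
function render_user_row(array $user): string
{
    return '<tr><td>' . e($user['user_firstname']) . '</td></tr>';
}

/**
 * Defence in depth for the session-theft impact: keep the session cookie
 * out of reach of page script. Call before session_start().
 */
function harden_session_cookie(): void
{
    session_set_cookie_params([
        'httponly' => true,   // not readable through document.cookie
        'secure'   => true,   // sent over HTTPS only
        'samesite' => 'Lax',
    ]);
}

harden_session_cookie();

// Constructed sample rows standing in for the users table.
$users = [
    ['user_firstname' => 'Alice'],
    ['user_firstname' => '<script>alert(1)</script>'], // benign marker value
];

foreach ($users as $user) {
    echo 'unsafe: ', render_user_row_unsafe($user), PHP_EOL;
    echo 'safe:   ', render_user_row($user), PHP_EOL;
}
```

With the encoded form the second row is emitted as `&lt;script&gt;alert(1)&lt;/script&gt;`, so the browser displays it as text in the user list instead of executing it.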