Trio of XSS bugs in open source web apps could lead to complete system compromise

Researchers have released details on a trio of cross-site scripting (XSS) vulnerabilities in popular open source apps that could lead to remote code execution (RCE).

The security bugs, found by a research team from PT Swarm, were discovered in the web development applications Evolution CMS, FUDforum, and GitBucket.

A traditional XSS attack allows the attacker’s JavaScript code to be executed in the victim user’s browser, opening the door to cookie theft, redirection to a phishing site, and much more.

Web security researcher Aleksey Solovev told The Daily Swig that this research, detailed in PT Swarm’s blog, relates to how “the combination of the discovered possibility of conducting an XSS attack and the built-in file manager (or executing a SQL query) in the administrator panel can lead to a complete compromise of the system”.

Triple threat

The first vulnerability, in Evolution CMS v3.1.8, could allow an attacker to carry out a reflected XSS attack in several places in the admin panel.

“An attacker could try to force a system administrator to follow a malicious link through social engineering, which would lead to the execution of malicious JavaScript code in the browser of the attacked,” Solovev told The Daily Swig.

“The consequence would be a complete compromise of the system by overwriting the executable file using the built-in file manager.”

A second flaw, found in FUDforum v3.1.1, could potentially allow a malicious actor to carry out a stored XSS attack in the name of the attached file in private messages.

“An attacker could send a private message to an administrator with a malicious payload in the name of the attached file,” said Solovev.

“When this message is read by the administrator, his browser would execute the JavaScript code and, using the built-in file manager, an executable file would be created that would allow the attacker to execute commands on the server.”

Finally, in GitBucket v4.37.1, a security bug was discovered that could enable an attacker to carry out a stored XSS attack in “several places”, according to Solovev.

An attacker had to create an issue in a public repository and inject JavaScript code into the task's name.

This event would be displayed in the general activity feed and on the attacker's profile. In both places the task name was rendered without sanitisation, so the malicious payload executed as JavaScript in the browser of anyone who viewed those pages.

“In the admin panel, it was possible to execute SQL code based on the H2 Database Engine, for which there is already an exploit that allows you to execute a command on the server,” Solovev explained.

“Putting everything together, an attacker could attack the administrator and gain the ability to execute commands on the server.”
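As an added illustration (not code from the article or from any of the three projects), the following Python contrasts unencoded rendering of an attachment name and an issue title with context-aware output encoding, and uses the standard-library HTML parser to show which version leaves script-capable content for the browser. The file names, routes and payloads are constructed for the example.

```python
import html
from html.parser import HTMLParser
from urllib.parse import quote

# Constructed sample inputs (not from the article): an attachment name that
# smuggles a script tag, as in the private-message case, and an issue title
# that breaks out of a quoted attribute, as in the activity-feed case.
ATTACHMENT_NAME = 'report.pdf<script>alert(1)</script>'
ISSUE_TITLE = 'Fix login" onmouseover="alert(1)'

def render_attachment_vulnerable(name: str) -> str:
    """Untrusted file name concatenated straight into the HTML."""
    return f'<a href="/download/{name}">{name}</a>'

def render_attachment_hardened(name: str) -> str:
    """Encode per context: percent-encode the URL part, HTML-encode the text."""
    return f'<a href="/download/{quote(name)}">{html.escape(name)}</a>'

def render_feed_vulnerable(actor: str, title: str) -> str:
    """Issue title lands in an attribute and a text node, unencoded."""
    return f'<li>{actor} opened <a href="/issues/1" title="{title}">{title}</a></li>'

def render_feed_hardened(actor: str, title: str) -> str:
    """quote=True also encodes the quote characters that would close an attribute."""
    t = html.escape(title, quote=True)
    return f'<li>{html.escape(actor)} opened <a href="/issues/1" title="{t}">{t}</a></li>'

class _ActiveContentFinder(HTMLParser):
    """Parses a fragment the way a browser would and records script-capable parts."""
    def __init__(self) -> None:
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag == 'script':
            self.findings.append('script tag')
        for attr_name, _ in attrs:
            if attr_name.startswith('on'):
                self.findings.append(f'{attr_name} handler on <{tag}>')

def find_active_content(fragment: str) -> list:
    """Return the script-capable constructs a browser would find in the fragment."""
    finder = _ActiveContentFinder()
    finder.feed(fragment)
    finder.close()
    return finder.findings
```

The hardened renderers keep the attacker-supplied text visible but inert, which is the check to apply wherever a user-controlled name is echoed into an admin view or a feed.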

Patches released

All three vulnerabilities are pending a CVE but have been patched by the maintainers of the projects, Solovev told The Daily Swig.

The researcher added that the main difficulty in discovering these flaws was finding a way to carry out the XSS attack in the first place.

“The rest of the steps were easier because they had public exploits for legitimate functionality in the form of a file manager in the admin panel,” he explained.

More information about the vulnerabilities and technical detail on the exploit can be found in PT Swarm’s blog.

Source: https://portswigger.net/daily-swig/trio-of-xss-bugs-in-open-source-web-apps-could-lead-to-complete-system-compromise