CVE-2021-27308: 4images v1.8 - 'Admin panel login' Cross-Site Scripting · Issue #3 · 4images/4images
A cross-site scripting (XSS) vulnerability in the admin login panel in 4images version 1.8 allows remote attackers to inject JavaScript via the “redirect” parameter.
Vulnerable parameter: redirect
XSS sample Payload: '"()%26%25<ScRiPt%20>alert(document.cookie)</ScRiPt>
Steps to reproduce the vulnerability (POC):
1- Go to the 4images admin panel page (demo instance: https://localhost/4images/admin/index.php)
2- Enter the credentials, turn on intercept and click on “Login”
3- Copy and paste the XSS payload after redirect=./…/admin/index.php%3Fsessionid=xxxxxPASTEPAYLOADHERE
4- Forward the request; the XSS is triggered.
Video POC: https://drive.google.com/file/d/12T39ZCqpbdz29gKptIdPnNHy1Nudr9Cs/view?usp=sharing
Impact:
With XSS, an attacker can perform social engineering on users by redirecting them from the real website to a fake one, steal their cookies (leading to account takeover) and deliver malware to their system; many more attack scenarios are possible for a skilled attacker with XSS.
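As an added illustration (not code from the 4images project, which is PHP, as the .php endpoints above show), this Python sketch runs the reported payload through the unsafe reflection pattern and through an HTML-encoded reflection, and adds an allowlist check that only accepts relative in-application paths for the “redirect” value. The function names and the hidden-input template are assumptions; the payload string is the one from this report.

```python
import html
from urllib.parse import unquote, urlsplit

# The payload from this report, as it arrives in the "redirect" query parameter.
REPORTED_PAYLOAD = "'\"()%26%25<ScRiPt%20>alert(document.cookie)</ScRiPt>"


def decode_redirect(raw: str) -> str:
    """URL-decode the parameter once, as the web server / PHP would."""
    return unquote(raw)


def reflect_unsafely(value: str) -> str:
    """Vulnerable pattern (assumed template): decoded value echoed verbatim into HTML."""
    return f'<input type="hidden" name="redirect" value="{value}">'


def reflect_safely(value: str) -> str:
    """Hardened pattern: HTML-encode the value, quotes included, before echoing it."""
    return f'<input type="hidden" name="redirect" value="{html.escape(value, quote=True)}">'


def is_safe_local_redirect(value: str) -> bool:
    """Allowlist check: accept only a relative path inside the application.

    Rejects absolute and scheme-relative (//host) URLs, backslash variants,
    parent-directory traversal and any HTML-significant characters.
    """
    if not value or value.startswith(("//", "/\\", "\\")):
        return False
    parts = urlsplit(value)
    if parts.scheme or parts.netloc:
        return False
    if any(ch in value for ch in "<>\"'\n\r"):
        return False
    if ".." in parts.path.split("/"):
        return False
    return True


def contains_script_marker(raw: str) -> bool:
    """Log-review helper: case-insensitive look for a <script tag after URL-decoding,
    which also catches the ScRiPt case variation used in this report."""
    return "<script" in unquote(raw).lower()
```

Reject the value (and fall back to a fixed admin page) when the allowlist check fails; encoding alone stops the script from running but still lets an off-site redirect through.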