4Images 1.8 - 'redirect' Reflected XSS

vendor:

4Images Gallery

by:

Piyush Patil

4.8

CVSS

MEDIUM

Reflected XSS

CWE

Product Name: 4Images Gallery

Affected Version From: 4Images Gallery 1.8

Affected Version To: 4Images Gallery 1.8

Patch Exists: YES

Related CWE: CVE-2021-27308

CPE: 4images

Metasploit: N/A

Platforms Tested: Windows 10 and Kali

2021

4Images 1.8 – ‘redirect’ Reflected XSS

A cross-site scripting (XSS) vulnerability in the admin login panel in 4images version 1.8 allows remote attackers to inject JavaScript via the 'redirect' parameter.

Mitigation:

Input validation and output encoding should be used to prevent XSS attacks.

Source

Exploit-DB raw data:

# Exploit Title: 4Images 1.8 - 'redirect' Reflected XSS
# Exploit Author: Piyush Patil
# Vendor Homepage: https://www.4homepages.de/
# Software Link: https://www.4homepages.de/?download=4images1.8.zip&code=81da0c7b5208e172ea83d879634f51d6
# Version: 4Images Gallery 1.8
# Tested on: Windows 10 and Kali
# CVE : CVE-2021-27308

-Description:
A cross-site scripting (XSS) vulnerability in the admin login panel in 4images version 1.8 allows remote attackers to inject JavaScript via the "redirect" parameter.


-Steps to reproduce:
1- Goto 4images admin panel page (demo instance: https://localhost/4images/admin/index.php)
2- Enter the credentials , Turn on the intercept and click on "Login"
3- copy paste the XSS payload after redirect=./../admin/index.php%3Fsessionid=xxxxxPASTEPAYLOADHERE
4-Forward the request and you can see XSS is triggered.