Vendor: Zenphoto
By: Mirabbas Agalarov
CVSS: 7.5 (HIGH)
Title: Multiple stored XSS
CWE: 79
Product Name: Zenphoto
Affected Version From: 1.6
Affected Version To: 1.6
Patch Exists: No
Related CWE:
CPE: a:zenphoto:zenphoto:1.6
Metasploit:
Other Scripts:
Platforms Tested: Linux
2023

Zenphoto 1.6 – Multiple stored XSS

The Zenphoto 1.6 application is vulnerable to multiple stored Cross-Site Scripting (XSS) attacks. These vulnerabilities allow an attacker to inject malicious scripts into various parts of the application, which can lead to unauthorized access or information disclosure.

Mitigation:

To mitigate these vulnerabilities, it is recommended to sanitize user input and implement proper output encoding to prevent the execution of malicious scripts.
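
Added example, not code from Zenphoto or from the original advisory: the mitigation above applied to the two fields named in the PoC on this page (album description and postal code), with the unencoded output pattern beside the encoded one. The array keys, function names and the postal-code pattern are assumptions made for illustration.

```php
<?php
// Added example, not Zenphoto code. Keys and function names are hypothetical.

// Constructed sample record holding the two payload strings from the PoC on this page.
$record = [
    'album_desc'  => '<iframe src="https://14.rs"></iframe>',
    'postal_code' => '<script>alert(4)</script>',
];

// Vulnerable pattern: stored values are concatenated into markup unchanged,
// so the browser parses them as elements when the album page or an HTML
// listing of user data is viewed.
function render_unsafe(array $r): string
{
    return '<div class="desc">' . $r['album_desc'] . '</div>'
         . '<td>' . $r['postal_code'] . '</td>';
}

// Output encoding for HTML text and quoted-attribute contexts.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Hardened pattern: every stored field is encoded at the point it is written out.
function render_safe(array $r): string
{
    return '<div class="desc">' . h($r['album_desc']) . '</div>'
         . '<td>' . h($r['postal_code']) . '</td>';
}

// Input-side check for a field with a known shape. The pattern is an assumed
// allow-list (letters, digits, space, hyphen); values are rejected, not stripped.
function valid_postal_code(string $s): bool
{
    return preg_match('/\A[A-Za-z0-9][A-Za-z0-9 \-]{1,10}\z/', $s) === 1;
}

echo render_unsafe($record), "\n";   // markup reaches the browser as elements
echo render_safe($record), "\n";     // markup reaches the browser as text
var_dump(valid_postal_code($record['postal_code']));
var_dump(valid_postal_code('AZ1000'));
```

Encoding at output covers fields that are plain text; if a field such as the album description must accept markup, it needs an allow-list HTML sanitizer before storage or display instead.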
Source

Exploit-DB raw data:

Exploit Title: Zenphoto 1.6 - Multiple stored XSS
Application: Zenphoto-1.6 xss poc
Version: 1.6 
Bugs:  XSS
Technology: PHP
Vendor URL: https://www.zenphoto.org/news/zenphoto-1.6/
Software Link: https://github.com/zenphoto/zenphoto/archive/v1.6.zip
Date of found: 01-05-2023
Author: Mirabbas Ağalarov
Tested on: Linux 


2. Technical Details & POC
========================================
###XSS-1###
Steps:
1. Create a new album.
2. Write Album Description: <iframe src="https://14.rs"></iframe>
3. Save and view the album: http://localhost/zenphoto-1.6/index.php?album=new-album or http://localhost/zenphoto-1.6/

=====================================================
###XSS-2###
Steps:
1. Go to the user account and change the user data (http://localhost/zenphoto-1.6/zp-core/admin-users.php?page=users)
2. Change the postal code to <script>alert(4)</script>
3. If the admin imports the user information as HTML, the XSS will trigger.

PoC video: https://youtu.be/JKdC980ZbLY