SPIP 4.3.3 — Stored XSS Vulnerability

Description:

An XSS vulnerability was discovered in SPIP 4.3.3 It allows admin user account to create and inject malicious scripts via Article function, which are then executed in other browsers.

Payload:

<script>alert(/Grim The Ripper Team by SOSECURE Thailand/)</script>

Affected Component :

http://IP/ecrire/?exec=article_edit&new=oui

Proof of Concept:

First, login to the target application.

http://IP/spip.php?page=login

We login to the target application with admin privileges.

To create a new Sections, begin by clicking on the “Edit” tab and click on the “Articles”

Clicking on “Write a new article” this will open a new window or panel where you can create a new article.

Enter information into the form provided and input the XSS payload in the Title field then click “Save” button.

Then click on Show preview.

Author:

Grim The Ripper Team by SOSECURE Thailand