===================================================================================
Fork-CMS Stored XSS:

Stored XSS:

Author: Rafay Baloch

Introduction:

Cross Site scritping (XSS) has been a problem for ages, XSS occurs when the
input data is copied into application

responses without being sanitized properly. Normally their are three types
of XSS (Cross Site Scritping) attacks.

1. Non Persistent (REFELECTED)
2. Persistent (STORED)
3. DOM Based XSS

Impact:

- Stealing cookies (Since javascript is able to access document.cookie).
- Phishing attacks
- Spreading malware
- Taking over the entire browsers by exloiting the vulnerablities present
inside the browser.

Proof OF Concept:

The admin IDS input is not being sanitized properly. Therefore resulting in
a Stored XSS.

Payload: "><img src=x onerror=prompt(0);>

Target URL: http://demo.fork-cms.com/private/en/settings/index

Mitigations:

- Make sure any user input should be properly sanitized and should be
properly html encoded before
it's copied into application responses any time.

- Dangerous html characters should be replaces by corresponding html
entities before copied into the application response.