===================================================================================
Fork-CMS Stored XSS

Author: Rafay Baloch

Introduction:

Cross Site Scripting (XSS) has been a problem for ages. XSS occurs when input data is copied into application responses without being sanitized properly. Normally there are three types of XSS (Cross Site Scripting) attacks:

1. Non Persistent (REFLECTED)
2. Persistent (STORED)
3. DOM Based XSS

Impact:

- Stealing cookies (since JavaScript is able to access document.cookie).
- Phishing attacks
- Spreading malware
- Taking over the entire browser by exploiting vulnerabilities present inside the browser.

Proof of Concept:

The admin IDs input is not being sanitized properly, resulting in a Stored XSS.

Payload: ">

Target URL: http://demo.fork-cms.com/private/en/settings/index

Mitigations:

- Make sure any user input is properly sanitized and HTML-encoded before it is copied into an application response.
- Dangerous HTML characters should be replaced by their corresponding HTML entities before being copied into the application response.
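The following is an added example, not code from the advisory or from Fork CMS, illustrating the mitigation above for an attribute context like the admin IDs settings field: the field name, the template and the sample inputs are constructed. It shows why encoding only `<`, `>` and `&` is not enough when the stored value lands inside a quoted attribute, and how full entity encoding (the equivalent of PHP's htmlspecialchars with ENT_QUOTES) keeps the attribute intact.

```python
import html

# Constructed sample values for the "admin IDs" settings field (not taken from
# the advisory): a benign value and an attribute-breakout attempt whose leading
# `">` would close the value="..." attribute in the rendered form.
BENIGN_INPUT = "1,2,3"
BREAKOUT_INPUT = '"><b>injected</b>'

# Hypothetical template for the settings form field (constructed for this example).
TEMPLATE = '<input type="text" name="admin_ids" value="{value}">'


def render_field_unsafe(value: str) -> str:
    """Vulnerable pattern: the stored value is copied verbatim into the attribute."""
    return TEMPLATE.format(value=value)


def render_field_escaped_without_quotes(value: str) -> str:
    """Incomplete fix: escaping only & < > leaves the double quote intact, so the
    leading `"` still closes the value attribute and the rest of the stored input
    lands in tag context."""
    return TEMPLATE.format(value=html.escape(value, quote=False))


def render_field_safe(value: str) -> str:
    """Mitigated pattern: & < > " ' are all replaced by HTML entities before the
    stored value reaches the response (PHP: htmlspecialchars($v, ENT_QUOTES))."""
    return TEMPLATE.format(value=html.escape(value, quote=True))


def attribute_is_intact(rendered: str) -> bool:
    """Output-encoding regression check: the template emits exactly three quoted
    attributes (6 double quotes); any extra quote or raw tag means the stored
    value broke out of the value attribute."""
    return rendered.count('"') == 6 and "<b>" not in rendered


if __name__ == "__main__":
    for render in (render_field_unsafe,
                   render_field_escaped_without_quotes,
                   render_field_safe):
        out = render(BREAKOUT_INPUT)
        print(f"{render.__name__}: intact={attribute_is_intact(out)}  {out}")
```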