PHP-Fusion 9 XSS to RCE
Published on November 25th, 2015
PHP-Fusion 9 was vulnerable to an XSS attack that can result in RCE.
An administrator whose only permission is the robots.txt editor can store an XSS payload there (https://gist.github.com/bscarvell/57f82000bf823071404e) that leads to RCE.
When a more privileged user views that page, the payload creates a CSRF token, reads it, and uses it to submit arbitrary PHP code.
** ISSUE IS FIXED **
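The rendering defect behind this class of bug, and the fix, as an added example that is not PHP-Fusion's own code: a hypothetical stand-in for an admin "robots.txt editor" preview page that concatenates the stored text into HTML, next to the same page with output encoding. The storage, page layout, function names and token value are all assumptions made for the example.

```php
<?php
declare(strict_types=1);

// Added example (not PHP-Fusion's own code): a minimal, hypothetical admin
// "robots.txt editor" preview, showing the rendering defect that turns saved
// text into stored XSS, and the output-encoding fix.

// Constructed sample of what a low-privilege editor saved. The last line is not
// a robots.txt directive; it is HTML markup the editor chose to store.
const SAVED_ROBOTS_TXT = "User-agent: *\nDisallow: /admin/\n<script>/* constructed sample */</script>";

// Hypothetical CSRF token belonging to the viewing administrator's session.
const SESSION_CSRF_TOKEN = 'csrf-token-placeholder';

// VULNERABLE: the stored text is concatenated straight into the page HTML.
// The browser parses the <script> element and runs it in the viewing
// administrator's origin, with their session and with the CSRF token in the DOM.
function renderPreviewVulnerable(string $content): string
{
    return '<h2>robots.txt preview</h2>' . "\n"
         . '<pre>' . $content . '</pre>' . "\n"
         . '<input type="hidden" name="csrf_token" value="' . SESSION_CSRF_TOKEN . '">';
}

// FIXED: encode for the HTML text context at the point of output. The same
// bytes are stored; they are simply no longer interpreted as markup.
function htmlText(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

function renderPreviewHardened(string $content): string
{
    return '<h2>robots.txt preview</h2>' . "\n"
         . '<pre>' . htmlText($content) . '</pre>' . "\n"
         . '<input type="hidden" name="csrf_token" value="' . htmlText(SESSION_CSRF_TOKEN) . '">';
}

// Regression check a maintainer can keep: the rendered page may contain only
// the tags the template itself emits; any other tag came from user data.
function onlyExpectedTags(string $rendered, array $allowed): bool
{
    preg_match_all('/<\/?([a-z][a-z0-9]*)/i', $rendered, $matches);
    foreach ($matches[1] as $tag) {
        if (!in_array(strtolower($tag), $allowed, true)) {
            return false;
        }
    }
    return true;
}

$allowed = ['h2', 'pre', 'input'];
printf("vulnerable rendering contains only expected tags: %s\n",
    onlyExpectedTags(renderPreviewVulnerable(SAVED_ROBOTS_TXT), $allowed) ? 'yes' : 'NO');
printf("hardened rendering contains only expected tags: %s\n",
    onlyExpectedTags(renderPreviewHardened(SAVED_ROBOTS_TXT), $allowed) ? 'yes' : 'NO');
```

Run with `php example.php`: the first check reports `NO` (a `script` tag from user data reached the page), the second `yes`. The point the original write-up makes is visible in the vulnerable branch: the CSRF token sits in the same document the injected script runs in, so a token is no defence once stored XSS exists; the fix is encoding at output (with a Content-Security-Policy as defence in depth), and keeping the robots.txt editor permission scoped to what it needs.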
2015-11-25 01:48:49