
CVE-2022-3869 – Froxlor

HTML Injection in Login Page

HTML Injection is a vulnerability in which an attacker can inject malicious HTML content into the login web page.

PoC – Proof of Concept

PAYLOAD: https://demo.froxlor.org/index.php?showmessage=4&customermail=%22%3Cmarquee%3E%3Ch3%3EHTML/INJECTION/HERE%[email protected]
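The reflection the PoC relies on, shown as an added illustration in PHP rather than Froxlor's own code: a hypothetical login-message renderer that concatenates the customermail parameter into the page, beside the hardened version that HTML-encodes it for the body context and optionally validates it as an e-mail address first. Function and variable names are assumptions, and the sample input is the decoded parameter from the PoC URL with a placeholder for the elided mail address.

```php
<?php
// Added illustration, not Froxlor's code: a minimal login-message renderer
// that reflects the "customermail" query parameter, in a vulnerable and a
// hardened form. All names here are hypothetical.

// Vulnerable: the raw parameter is concatenated into the markup, so any
// tags in the value (<marquee>, <a href=...>, ...) are rendered by the browser.
function render_message_vulnerable(string $customermail): string
{
    return '<p>An activation mail has been sent to ' . $customermail . '</p>';
}

// Hardened: HTML-encode the value for the HTML-body context before output.
// ENT_QUOTES also encodes ' and ", so the same encoding is safe inside a
// double- or single-quoted attribute; ENT_SUBSTITUTE replaces invalid UTF-8
// instead of silently returning an empty string.
function render_message_hardened(string $customermail): string
{
    $safe = htmlspecialchars($customermail, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
    return '<p>An activation mail has been sent to ' . $safe . '</p>';
}

// Defence in depth: reject values that are not syntactically an e-mail
// address before they reach the template at all.
function is_plausible_email(string $value): bool
{
    return filter_var($value, FILTER_VALIDATE_EMAIL) !== false;
}

// Constructed input: the URL-decoded customermail value from the PoC
// (%22 -> ", %3C -> <, %3E -> >), with a placeholder for the elided address.
$payload = '"<marquee><h3>HTML/INJECTION/HERE' . '[email-placeholder]';

echo 'vulnerable:  ' . render_message_vulnerable($payload) . PHP_EOL;
// hardened output contains &quot;&lt;marquee&gt;&lt;h3&gt;..., which the
// browser shows as literal text instead of interpreting as tags
echo 'hardened:    ' . render_message_hardened($payload) . PHP_EOL;
echo 'valid email: ' . (is_plausible_email($payload) ? 'yes' : 'no') . PHP_EOL;
```

Encoding at the output point is the fix that closes the injection; the e-mail validation only narrows what reaches the template and is not a substitute for it.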

Impact

An attacker can abuse a trusted but vulnerable website through HTML injection. They can build a fake web page with stored HTML injection, or escalate to XSS; once XSS is achieved, threat actors can steal cookies, hijack accounts, and steal credentials and other sensitive information. Alternatively, an attacker can inject a tag such as <a href="http://evil.com">click here to get gift</a> as a phishing lure that redirects the victim to another website.

Severity

https://cvss.js.org/#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Reference

https://huntr.dev/bounties/7de20f21-4a9b-445d-ae2b-15ade648900b/

https://nvd.nist.gov/vuln/detail/CVE-2022-3869

https://huntr.dev/repos/froxlor/froxlor