When a user with the 'Administer GXR' role tries to access the Search functionality, the following HTML code is returned:

{html}
<form method="POST" action="admin.gxr">
<input type="hidden" name="search" value="">
<input type="text" name="q" value="">
<input type="submit" value="">
<input type="hidden" name="_xclick">
</form>
{/html}

This can be exploited to execute arbitrary HTML code on the affected site. What’s worse, the affected version of RPCMS is v3.0.2, which was released in early 2019, and most hosting companies do not maintain older versions of their software. So, if a vulnerable version of RPCMS is installed, an attacker could leverage an XSS vulnerability to install malicious JavaScript code and hijack the site.
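As an added illustration (not code from RPCMS or from this advisory), the search form above is rebuilt in Python two ways: echoing a submitted q value raw, and HTML-escaping it for the attribute context. Both results are then read back with the standard library's HTMLParser to show that only the escaped version keeps the value inside the attribute. The form layout follows the page; the probe value and function names are constructed for this example.

```python
import html
from html.parser import HTMLParser

# Constructed example (not RPCMS code): the admin.gxr search form from the
# advisory, rebuilt while echoing the submitted "q" value back to the user.
FORM_HEAD = '<form method="POST" action="admin.gxr"><input type="hidden" name="search" value="">'
FORM_TAIL = '<input type="submit" value=""><input type="hidden" name="_xclick"></form>'

# Constructed probe: a double quote closes the value attribute, then new markup follows.
PROBE = '"><b>injected</b>'


def render_search_form_unsafe(q: str) -> str:
    """Vulnerable rendering: the user-supplied value is concatenated raw."""
    return FORM_HEAD + f'<input type="text" name="q" value="{q}">' + FORM_TAIL


def render_search_form_safe(q: str) -> str:
    """Hardened rendering: escape for an attribute context (quote=True turns
    the double quote into &quot;), so q can never close the attribute."""
    escaped = html.escape(q, quote=True)
    return FORM_HEAD + f'<input type="text" name="q" value="{escaped}">' + FORM_TAIL


class _QValueFinder(HTMLParser):
    """Reads the page the way a browser would: records every start tag seen
    and the value attribute of the input named q (unescaped by the parser)."""

    def __init__(self) -> None:
        super().__init__()
        self.q_value = None
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        attrs = dict(attrs)
        if tag == "input" and attrs.get("name") == "q":
            self.q_value = attrs.get("value")


def parse_form(markup: str):
    """Return (q value as a browser would see it, list of start tags in order)."""
    finder = _QValueFinder()
    finder.feed(markup)
    return finder.q_value, finder.tags


if __name__ == "__main__":
    for name, render in (("unsafe", render_search_form_unsafe), ("safe", render_search_form_safe)):
        value, tags = parse_form(render(PROBE))
        print(f"{name}: q value as parsed={value!r}, tags={tags}")
```

In the unsafe output the parser sees an extra `b` element and an empty q value, i.e. the submitted text has escaped the attribute; in the safe output the tag list is just the form's own five and the q value round-trips unchanged.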

Server-Side Logic Flaw

The vulnerability is a server-side logic flaw in RPCMS. As such, the vulnerable version must be installed on the server hosting the website. This means that if an attacker can access the server, they are able to exploit this issue and use it for XSS attacks.

RPCMS Vulnerability and Exploitation

An attacker can leverage host-level vulnerabilities to install malicious scripts on a website, which can then be used for XSS attacks.

Timeline

Published on: 10/13/2022 14:15:00 UTC
Last modified on: 10/14/2022 18:16:00 UTC

References