ITSLEARNING STORED XSS VULNERABILITY OR NOT?
- 1 minI’ve found an stored XSS on itslearning education system works without even autorized. Hacker can do lots of things via Itslearning stored XSS vulnerability. This XSS works without any authorization, so it is more dangerous than usual XSS.
Payload : I use <svg/onload=prompt(1)> but almost every payload works.
PoCs about itslearning stored XSS
Redirect via XSS; https://files.itslearning.com/data/2099/13132/xss.html
Alert via XSS; https://files.itslearning.com/data/2099/13132/add%20new%20filee.html?
Accessing Webcam via XSS; https://files.itslearning.com/data/2099/13132/add%20new%20file.html?
and a video about the details of the vulnerability.
https://youtu.be/BzRuvph7r_g
I hope you enjoy.
28 November 2017 - I’ve sent details about itslearning stored XSS vulnerability.
30 November 2017 - Itslearning security team explanation ; “1. We allow any kind of content on files.itslearning.com, unaltered.
2. The modifications that you experience are there to try to help the user building rich content using our editor and not to prevent XSS.”
System stays vulnerable to all kind of phishing attack or not? You decide.
UPDATE :
January 2018 - Itslearning considered it as a vulnerability and fixed completely.
Thanks;Ingvald Straume
Håkon Høydal
Martin Sundhaug