This is a technical writeup detailing a stored XSS vulnerability in phpMyFAQ 2.9.0, where the `filter_input()` function with `FILTER_VALIDATE_URL` fails to sanitize user input, allowing malicious scripts to be injected via the 'Link for this FAQ' field. The exploit is triggered when an admin activates the article or when the `records.defaultActivation` option is enabled.
Classification
Writeup 90%
Target:
phpMyFAQ 2.9.0
Auth required
Prerequisites:
User access to propose FAQ entries · Admin activation of the malicious FAQ entry or enabled `records.defaultActivation` option