My Pentest Log -3- (Fuzzing + RXSS)

Hamit CİBO
2 min read · Jan 17, 2022

Greetings from Constantinople to all,

In this article I will describe how I found a reflected XSS in a PDF flipbook module that I came across during a web penetration test.

Throughout the article the application is referred to as private.com.

1. Our project manager provided the information needed to conduct a web penetration test on private.com.

2. As always, I first verified the scope form and then began the fuzzing phase.

3. While examining the application I found that the “Flip PDF” module was installed (I identified it from the page source).

So what does this mean for us?

4. I come across PDF modules in almost every mobile and web test, and I knew that the “Flip PDF” module had a reflected XSS vulnerability, reported by Martin Thirup Christensen, that is simple to exploit.

5. I went straight back to the target, reproduced the XSS, and within a very short time had the reflected XSS finding recorded in the report :)

Request performed:

https://private.com/test/test/bookcontent-swf.html?currentHTMLURL=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4=

The base64 body of the data: URL decodes to `<script>alert('XSS')</script>`. The viewer takes the value of the `currentHTMLURL` parameter as the URL of the content to load, so a data: URL that carries HTML is rendered and the script runs. One thing to check before writing up the impact: in current browsers a document loaded from a data: URL gets an opaque origin, so confirm whether the script ends up running in the application's own origin or only inside an isolated frame, since that decides what an attacker can actually reach.
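The following is an added example, not code from the original post or from the Flip PDF product. It models the pattern behind the finding: a viewer page reads a "content URL" from its query string and loads it as a document, so a data: URL carrying HTML is rendered and its script executes. The parameter name `currentHTMLURL` and the page path are taken from the request above; how the real module consumes the value is not shown on the page, so the vulnerable and hardened lookups below are illustrative, and the directory-prefix check in the hardened version is an assumption about what the viewer should be allowed to load. It runs under Node.js with no dependencies.

```javascript
// Added example (not Flip PDF's own code): the unchecked "content URL" pattern
// behind the reflected XSS, beside a hardened lookup for the same parameter.
// Assumptions: parameter name and page path come from the article's request;
// everything else about how the viewer uses the value is illustrative.

const VIEWER_PAGE = "https://private.com/test/test/bookcontent-swf.html";

// The request recorded in the article (its payload is decoded further down).
const RECORDED_REQUEST =
  VIEWER_PAGE +
  "?currentHTMLURL=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4=";

// Decode a data: URL so the report can show exactly what the browser renders.
function decodeDataUrlPayload(dataUrl) {
  const match = /^data:([^,]*?)(;base64)?,(.*)$/i.exec(dataUrl);
  if (!match) return null;
  const [, mediaType, isBase64, body] = match;
  const html = isBase64
    ? Buffer.from(body, "base64").toString("utf8")
    : decodeURIComponent(body);
  return { mediaType: mediaType || "text/plain", html };
}

// Vulnerable lookup: the frame loads whatever the parameter says. There is no
// scheme or origin check, so data:, javascript: and off-site URLs all pass.
function vulnerableContentUrl(requestUrl) {
  return new URL(requestUrl).searchParams.get("currentHTMLURL");
}

// Hardened lookup: resolve the value against the viewer page, then accept only
// http(s) URLs on the viewer's own origin and under the viewer's own directory.
// Anything else (data:, javascript:, blob:, //other-host, ../ escapes) yields
// null, and the caller should fall back to a default page, not the parameter.
function safeContentUrl(requestUrl) {
  const request = new URL(requestUrl);
  const raw = request.searchParams.get("currentHTMLURL");
  if (raw === null) return null;

  let target;
  try {
    target = new URL(raw, request); // relative values resolve against the page
  } catch (err) {
    return null; // unparsable input: refuse rather than guess
  }

  if (target.protocol !== "http:" && target.protocol !== "https:") return null;
  if (target.origin !== request.origin) return null;

  // Illustrative tightening (assumption): keep content inside the book's own
  // directory. URL parsing has already collapsed "../" segments, so a plain
  // prefix test on the normalised path is sufficient.
  const bookDir = request.pathname.replace(/[^/]*$/, "");
  if (!target.pathname.startsWith(bookDir)) return null;

  return target.href;
}

if (typeof require !== "undefined" && require.main === module) {
  const payload = vulnerableContentUrl(RECORDED_REQUEST);
  console.log("vulnerable lookup loads:", payload);
  console.log("which the browser renders as:", decodeDataUrlPayload(payload).html);
  console.log("hardened lookup on the same request:", safeContentUrl(RECORDED_REQUEST));
  console.log(
    "hardened lookup on a legitimate value:",
    safeContentUrl(VIEWER_PAGE + "?currentHTMLURL=files/page1.html")
  );
}
```

Run it with `node` to see the recorded payload decoded and the hardened lookup rejecting it while still resolving a relative page under the book's directory. The design point is that the fix is an allowlist on the parsed URL (scheme, origin, path), not a denylist of `data:` or `<script>`; a denylist would still let `javascript:` or an off-site `https://` page through.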

Technical article on the current finding:

In summary:

I strongly recommend researching the specific modules you come across; it can add some nice findings to your report :)

In addition, before trying the usual attack vectors in an application test, I strongly recommend doing the fuzzing phase thoroughly: that way you can quickly spot third-party modules and find the kind of vulnerabilities that keep you motivated during the test.
