API Security Blog

Authenticated HTMLi via theme parameter on /lib/ajax.php

# Description
The `theme` parameter of the `/lib/ajax.php` endpoint is vulnerable to HTML injection (HTMLi).

# Proof of Concept
- Go to https://v2.demo.froxlor.org
- Log in as a user
- Go to https://v2.demo.froxlor.org/lib/ajax.php?action=newsfeed&theme=%3C/br%3E%3Ch1%3EHTMLi%20by%20leo_rac%3C/h1%3E%3Cbr%3E
- You'll see the injected payload

![image](https://i.imgur.com/NYTKbAG.png)
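
To find requests of the kind shown in the proof of concept in web server logs, the following added example (not part of the original report and not Froxlor code) flags `/lib/ajax.php` requests whose `theme` value is not a plain identifier, including double-encoded values. It assumes combined-format access logs and that legitimate theme names contain only letters, digits, `_` and `-`; the sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Assumption: legitimate theme names are short identifiers.
SAFE_THEME = re.compile(r"[A-Za-z0-9_-]{1,64}")
# Request line inside a combined-format access log entry.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def fully_decode(value, rounds=3):
    """Undo repeated percent-encoding so %253C is treated like %3C and '<'."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_theme(line):
    """Return the decoded theme value if the line is an ajax.php request
    whose theme parameter is not a plain identifier, else None."""
    m = REQUEST.search(line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    if not url.path.endswith("/lib/ajax.php"):
        return None
    for key, value in parse_qsl(url.query, keep_blank_values=True):
        if key == "theme":
            theme = fully_decode(value)
            if not SAFE_THEME.fullmatch(theme):
                return theme
    return None

# Constructed sample log lines (not taken from a real server).
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2023:10:00:00 +0000] "GET /lib/ajax.php?action=newsfeed&theme=Froxlor HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Jan/2023:10:00:05 +0000] "GET /lib/ajax.php?action=newsfeed&theme=%3Ch1%3Etest%3C/h1%3E HTTP/1.1" 200 530',
    '203.0.113.9 - - [01/Jan/2023:10:00:09 +0000] "GET /lib/ajax.php?action=newsfeed&theme=%253Cb%253E HTTP/1.1" 200 520',
    '203.0.113.7 - - [01/Jan/2023:10:00:12 +0000] "GET /index.php?theme=%3Cb%3E HTTP/1.1" 200 100',
]

def scan(lines):
    """Return (line number, decoded theme) for every flagged log line."""
    return [(i, t) for i, line in enumerate(lines, 1)
            if (t := suspicious_theme(line)) is not None]

if __name__ == "__main__":
    for lineno, theme in scan(SAMPLE_LOG):
        print(f"line {lineno}: theme={theme!r}")
```

The same allow-list pattern can be applied server-side to reject a `theme` value before it reaches any HTML output.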
