Fronter XSS - 3 XSS in 1 Blogpost


Today I want to write about Fronter and Fronter XSS vulnerabilities. Fronter is a learning platform from the leading ICT provider itslearning. Based on Nordic educational models, Fronter is a comprehensive teaching and learning solution used in schools and universities worldwide. As part of the itslearning portfolio, the Fronter solution has a full range of available support and professional services.

As you know, I found lots of XSS vulnerabilities on Itslearning; Fronter was the goal after Itslearning.

Here is the story of 3 Fronter XSS Vulnerabilities 

Our first payload is a very typical one: javascript:alert(1)

The second payload is powered by EMBED: <EMBED SRC="https://mustafakemalcan.com/" width= 100% height= 100%></EMBED>

Last payload is more complicated than the other ones ; 

I can add a keylogger and make a webcam request, like before with that stored XSS Itslearning vulnerability.
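
On the defensive side, here is an added example (not from the original post and not Fronter's code) of rendering a user-supplied link so that both payload types above become inert: the href is checked against a scheme allow-list and the label is HTML-encoded. The post does not say which fields were affected, so the link field, the function names, the base URL and the allow-list are all assumptions.

```javascript
// Added example: names, base URL and allow-list are assumptions, not Fronter code.
const ALLOWED_SCHEMES = new Set(["http:", "https:", "mailto:"]);
const BASE = "https://lms.example/"; // hypothetical origin used to resolve relative links

// Encode the characters that are significant in HTML text and quoted attributes.
function escapeHtml(text) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Parse with the WHATWG URL parser, which normalises the scheme the same way a
// browser does (letter case, surrounding whitespace), then accept only
// allow-listed schemes. Returns the normalised URL, or null if rejected.
function safeHref(input) {
  let url;
  try {
    url = new URL(String(input), BASE);
  } catch {
    return null; // not parseable as a URL at all
  }
  return ALLOWED_SCHEMES.has(url.protocol) ? url.href : null;
}

// Build the anchor: rejected targets degrade to plain text, and the label is
// always encoded so markup such as <EMBED ...> is displayed instead of parsed.
function renderLink(label, href) {
  const text = escapeHtml(label);
  const target = safeHref(href);
  if (target === null) return `<span>${text}</span>`;
  return `<a href="${escapeHtml(target)}" rel="noopener noreferrer">${text}</a>`;
}

// Constructed inputs based on the two payloads quoted in the post.
console.log(renderLink("click me", "javascript:alert(1)"));
console.log(renderLink('<EMBED SRC="https://mustafakemalcan.com/"></EMBED>', "/course/42"));
```

An allow-list is used rather than a block-list of "javascript:" because other schemes can also execute or load active content.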

UPDATE :

02/04/2018 - I contacted the Fronter team.

12/04/2018 - Fronter closed vulnerabilities.

07/05/2018 - Fronter decided to give me a 1200$ bounty.
