Today I want to write about Fronter and Fronter XSS Vulnerabilies. Fronter is a learning platform from leading ICT provider, itslearning. Based on Nordic educational models, Fronter is a comprehensive teaching and learning solution used in schools and universities worldwide. As part of the itslearning portfolio, the Fronter solution has a full range of available support and professional services.
I found lots of XSS vulnerabilities on Itslearning as you know, Fronter was the goal after Itslearning.
Here is the story of 3 Fronter XSS Vulnerabilities
Our first payload is very typcial one; javascript:alert(1)
Second payload is powered by EMBED; <EMBED SRC=”https://mustafakemalcan.com/ ” width= 100% height= 100%></EMBED>
Last payload is more complicated than the other ones ; <object data=”data:text/html;base64,PHNjcmlwdD5wcm9tcHQoMSk8L3NjcmlwdD4=”>
I can add keylogger and make webcam request like before that stored XSS Itslearning vulnerability.
UPDATE :
02/04/2018 – I contacted to Fronter Team.
12/04/2018 – Fronter closed vulnerabilities.
07/05/2018 – Fronter decided to give 1200$ bounty to me.