fronter xss vulnerabilities 2

Today I want to write about Fronter and Fronter XSS vulnerabilities. Fronter is a learning platform from the leading ICT provider itslearning. Based on Nordic educational models, Fronter is a comprehensive teaching and learning solution used in schools and universities worldwide. As part of the itslearning portfolio, the Fronter solution has a full range of available support and professional services.

As you know, I found lots of XSS vulnerabilities on Itslearning; Fronter was the goal after Itslearning.

Here is the story of 3 Fronter XSS vulnerabilities.


Our first payload is a very typical one: javascript:alert(1)

Second payload is powered by EMBED: <EMBED SRC="" width= 100% height= 100%></EMBED>

Last payload is more complicated than the other ones: <object data="data:text/html;base64,PHNjcmlwdD5wcm9tcHQoMSk8L3NjcmlwdD4=">

I can add a keylogger and make a webcam request, like before with that stored XSS Itslearning vulnerability.
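From the defending side, all three payloads fail against an allowlist sanitizer that keeps only known tags and attributes and checks URL schemes. The following is an added example, not code from this post or from Fronter; the tag policy and the names is_safe_url, AllowlistSanitizer and sanitize are assumptions made for illustration.

```python
import re
from html import escape
from html.parser import HTMLParser

# Assumed policy (not Fronter's): what a rich-text field may keep.
ALLOWED_TAGS = {"a", "b", "i", "em", "strong", "p", "br", "ul", "ol", "li", "img"}
ALLOWED_ATTRS = {"a": {"href", "title"}, "img": {"src", "alt"}}
URL_ATTRS = {"href", "src"}
SAFE_SCHEMES = {"http", "https", "mailto"}
VOID_TAGS = {"br", "img"}
LEADING_JUNK = "".join(map(chr, range(0x21)))  # C0 controls and space

def is_safe_url(value):
    """Accept relative URLs and allowlisted schemes; reject javascript:, data:, ..."""
    # Browsers drop tab/CR/LF anywhere in a URL and trim leading controls/space.
    cleaned = re.sub(r"[\t\r\n]", "", value).lstrip(LEADING_JUNK)
    head = re.split(r"[/?#]", cleaned, maxsplit=1)[0]
    if ":" not in head:
        return True  # no scheme: relative URL
    return head.split(":", 1)[0].lower() in SAFE_SCHEMES

class AllowlistSanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
    def handle_starttag(self, tag, attrs):
        if tag not in ALLOWED_TAGS:
            return  # <embed>, <object>, <script>, ... never reach the output
        kept = ""
        for name, value in attrs:
            value = value or ""
            if name not in ALLOWED_ATTRS.get(tag, ()):
                continue  # on* handlers, style, data, ...
            if name in URL_ATTRS and not is_safe_url(value):
                continue  # javascript: and data: URLs are dropped
            kept += ' %s="%s"' % (name, escape(value, quote=True))
        self.out.append("<%s%s>" % (tag, kept))
    def handle_endtag(self, tag):
        if tag in ALLOWED_TAGS and tag not in VOID_TAGS:
            self.out.append("</%s>" % tag)
    def handle_data(self, data):
        self.out.append(escape(data, quote=False))  # text is re-encoded, never raw

def sanitize(html):
    parser = AllowlistSanitizer()
    parser.feed(html)
    parser.close()
    return "".join(parser.out)

# Constructed sample modelled on the first payload in the post:
print(sanitize('<a href="javascript:alert(1)">x</a>'))
```

Sanitizing on input does not replace context-aware output encoding and a Content-Security-Policy; it is one layer among them.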

UPDATE :

02/04/2018 – I contacted the Fronter team.

12/04/2018 – Fronter closed the vulnerabilities.

07/05/2018 – Fronter decided to give me a 1200$ bounty.