itslearning XSS vulnerability 2

I’ve found a stored XSS on the itslearning education system that works even without being authorized. A hacker can do lots of things via the itslearning stored XSS vulnerability. This XSS works without any authorization, so it is more dangerous than a usual XSS.

Payload: I use <svg/onload=prompt(1)>, but almost every payload works.

itslearning stored xss vulnerability details

PoCs for the itslearning stored XSS:

Redirect via XSS: https://files.itslearning.com/data/2099/13132/xss.html

Alert via XSS: https://files.itslearning.com/data/2099/13132/add%20new%20filee.html?

Accessing Webcam via XSS: https://files.itslearning.com/data/2099/13132/add%20new%20file.html?

And a video about the details of the vulnerability.

I hope you enjoy.

28 November 2017 – I sent details about the itslearning stored XSS vulnerability.

30 November 2017 – Itslearning security team explanation: “1. We allow any kind of content on files.itslearning.com, unaltered.

2. The modifications that you experience are there to try to help the user building rich content using our editor and not to prevent XSS.”

Does the system stay vulnerable to all kinds of phishing attacks or not? You decide.

UPDATE:

January 2018 – Itslearning considered it a vulnerability and fixed it completely.

Thanks: Ingvald Straume

Håkon Høydal

Martin Sundhaug