WangEditor 5 editor has a storage XSS vulnerability #2

Cutegod opened this issue Jan 17, 2023 · 0 comments

Preface
WangEditor 5 is a free, open-source HTML rich text editor component built with JavaScript and CSS. The first version of the product was released in November 2014. A rich text editor is one of the most complex kinds of front-end project: an excellent product requires long-term design, research, development and iteration, and the development time is measured in years.

Component official website
https://www.wangeditor.com/

Product
WangEditor

Affected version
Version <= 5

POC

<iframe srcdoc=</iframe>

Vulnerability environment construction
Refer to the official getting-started guide:
https://www.wangeditor.com/v5/getting-started.html
Refer to the bilibili video:
https://www.bilibili.com/video/BV1xY4y147Hq/?spm_id_from=333.999.0.0

The official documents and videos are detailed, so the setup is not described here. After installing wangEditor, you can write your own page around it.
The source code I built is attached for reference. The official website also hosts its own demo, which can be accessed directly:
https://www.wangeditor.com/demo/index.html

After a successful local build

Or directly use the official website demo
https://www.wangeditor.com/demo/index.html
Code analysis
According to the setup tutorial on the official website, after installing the wangEditor editor you need to reference its css in the head tag and its js in the body. (See the vulnerability environment construction section above for details.)
At line 30 you can see the js file that is referenced online. Follow that reference into the wangEditor file and search globally for data-w-e-type="video"
https://unpkg.com/@wangeditor/editor@5.1.23/dist/index.js
In this line, we can see that the video link iframe we entered is not properly filtered, which leads to the stored XSS vulnerability through the iframe.
Local debugging shows that the relevant XSS filtering is not done properly, which results in the editor's stored XSS vulnerability.
Vulnerability exploitation
Effect in the local environment
Fill in the POC and click OK to trigger the stored XSS vulnerability.
If you use the official website demo, the effect is as follows
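One way a site that stores wangEditor output could handle the video-embed input discussed in this issue, shown as an added example that is not part of the original issue or of wangEditor's code: rather than filtering the submitted markup, it parses the single `<iframe>`, refuses any attribute outside a short allowlist (which excludes `srcdoc`), and rebuilds the tag from validated values. The host allowlist and the function name `normalizeVideoEmbed` are assumptions.

```javascript
// Added example, not wangEditor code. The host allowlist and the function
// name normalizeVideoEmbed are assumptions made for illustration.
const ALLOWED_HOSTS = new Set(['player.bilibili.com', 'www.youtube.com']);
const ALLOWED_ATTRS = new Set(['src', 'width', 'height', 'allowfullscreen']);
// One attribute: name, then an optional "double", 'single' or bare value.
const ATTR_RE = /\s+([^\s=>\/"']+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+)))?/y;

const escapeAttr = (s) =>
  s.replace(/&/g, '&amp;').replace(/"/g, '&quot;').replace(/</g, '&lt;');

// Returns a freshly built <iframe> string, or null when the input is rejected.
function normalizeVideoEmbed(input) {
  // Exactly one <iframe ...></iframe>. A '>' inside an attribute value
  // (markup carried in srcdoc, for instance) fails this match.
  const tag = /^\s*<iframe\b([^>]*)>\s*<\/iframe\s*>\s*$/i.exec(String(input));
  if (!tag) return null;

  const raw = tag[1];
  const attrs = new Map();
  let pos = 0;
  let m;
  for (ATTR_RE.lastIndex = 0; (m = ATTR_RE.exec(raw)); pos = ATTR_RE.lastIndex) {
    const name = m[1].toLowerCase();
    // Unknown names (srcdoc, on* handlers, style) and duplicates are refused.
    if (!ALLOWED_ATTRS.has(name) || attrs.has(name)) return null;
    attrs.set(name, m[2] ?? m[3] ?? m[4] ?? '');
  }
  if (raw.slice(pos).trim() !== '') return null; // unparsed leftovers

  let url;
  try {
    url = new URL(attrs.get('src') ?? '');
  } catch {
    return null;
  }
  if (url.protocol !== 'https:' || !ALLOWED_HOSTS.has(url.hostname)) return null;

  // Rebuild from validated values only; nothing from the input is copied through.
  let out = `<iframe src="${escapeAttr(url.href)}"`;
  for (const key of ['width', 'height']) {
    if (!attrs.has(key)) continue;
    if (!/^\d{1,4}$/.test(attrs.get(key))) return null;
    out += ` ${key}="${attrs.get(key)}"`;
  }
  if (attrs.has('allowfullscreen')) out += ' allowfullscreen';
  return `${out}></iframe>`;
}
```

Attribute values are taken literally, without entity decoding, so the URL that is validated is the URL that is emitted. The check belongs on the server before the HTML is stored, since a client-side check can be bypassed by posting directly to the save endpoint.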
