
Security-Issue on "CyberWorks 3" #86

Closed
Zeziroth opened this issue Jul 26, 2019 · 2 comments

Comments

@Zeziroth

commented Jul 26, 2019

Dear CyberByte Team,

I'm an IT developer and web-security pentester.
I want to report a "Persistent XSS" vulnerability (https://en.wikipedia.org/wiki/Cross-site_scripting#Persistent_(or_stored)).

For this vulnerability you only need the permission to write notes. If so, you can inject malicious code into the website, which will be executed on every computer that visits the prepared user note (also admins).
An attacker could inject malicious code to change the admin password, change bank/cash balances of other users and more.

Problem is:
Saved notes are parsed without escaping when someone looks up the notes of a specific user (for example).

Solution:
Escape the note before printing it in the "Notes" table.

If further information is needed, just respond.

Proof of concept:
Not working in the issue ticket because of markup.

Kind regards,
Pascal Böhmer

(https://boehmer.pro/portfolio.php)
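The defect described in the report (notes written straight into the HTML of the notes table) and the suggested fix (escaping at output time) side by side, as an added illustration that is not code from the CyberWorks project. The project's real templating layer is not shown on this page, so the rendering functions, the `NOTES` sample data and the regression check below are assumptions written for this example:

```python
import html

# Constructed sample rows as the server might hold them (hypothetical data, not the project's).
# The second note carries markup that a real user should never be able to get executed.
NOTES = [
    {"author": "alice", "body": "Remember to pay rent on Friday"},
    {"author": "mallory", "body": "<script>/* constructed demo payload */</script>"},
]


def render_notes_vulnerable(notes):
    """Concatenates user-controlled fields straight into the HTML.

    This reproduces the behaviour reported in the issue: whatever was stored in
    the note becomes part of the page for everyone who views it.
    """
    rows = "".join(f"<tr><td>{n['author']}</td><td>{n['body']}</td></tr>" for n in notes)
    return f"<table>{rows}</table>"


def render_notes_fixed(notes):
    """Escapes every user-controlled field at the point where it enters HTML.

    html.escape() turns <, >, &, " and ' into entities, so the browser renders
    the note as text instead of parsing it as markup. Escaping belongs at output
    time and must match the context (HTML body here; attributes, URLs and
    JavaScript contexts each need their own encoding).
    """
    rows = "".join(
        f"<tr><td>{html.escape(n['author'])}</td><td>{html.escape(n['body'])}</td></tr>"
        for n in notes
    )
    return f"<table>{rows}</table>"


def contains_raw_script_tag(rendered_html):
    """Crude regression check: an unescaped <script> tag must never survive in the notes table.

    Useful as a unit test after the fix; it is not a substitute for escaping
    every untrusted field, since XSS does not need a script tag.
    """
    return "<script" in rendered_html.lower()


if __name__ == "__main__":
    print("vulnerable:", render_notes_vulnerable(NOTES))
    print("fixed:     ", render_notes_fixed(NOTES))
```

Running the block prints both renderings; in the fixed one the stored markup appears as `&lt;script&gt;...` and is displayed as literal text. The same rule applies to every other place a note or user name is printed, which is why the maintainer's remark below about further XSS in the app is a reasonable expectation for an audit.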

@cammygames cammygames self-assigned this Jul 26, 2019

@MightySCollins MightySCollins self-assigned this Jul 26, 2019

@MightySCollins


commented Jul 26, 2019

What about #87 as a fix?

@MightySCollins


commented Jul 26, 2019

Cool, well, it's merged now. Sadly, due to the way the app has been done, I am sure there will be other XSS vulnerabilities...
