XSS through Emergency Alert #28
Securitybits-io opened this issue Feb 16, 2022 · 0 comments
Labels
enhancement New feature or request
In the FreeTAKServer-UI there is a function to create and view Emergency Alerts that originate from either the End User Device or from the UI itself. Both avenues are susceptible to a stored cross-site scripting vulnerability in the Callsign parameter.

Web Interface

In the case of an XSS in the WebUI it is as simple as having a callsign with the payload of `<img src onerror=alert(/payload/)>`, which will trigger the Emergency function and display the emergency in the WebUI.

[image: xss_webui_payload]

[image: xss_webui_alert]

End User Device

A more interesting scenario is that it is possible to push Emergencies from any of the EUDs; these can range from a 911, TIC (Troops in Contact) or similar.

This can be chained together with the API key leakage in the response in order to obtain a server RestAPI key for further exploitation, which can take a normal user in the field to a Web Server admin.

[image: xss_enduserdevice_payload]

[image: xss_enduserdevice_webui_payload]

[image: xss_enduserdevice_alert]
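The root cause described in this report is a user-controlled callsign being placed into the Emergency Alert markup without encoding. The following is an added example (not FreeTAKServer-UI code; the function names and the alert object shape are assumptions) that puts the vulnerable rendering beside a hardened version and includes a check a test suite could run against rendered output. It uses the same payload shape as the report, constructed inline as sample input.

```javascript
// Added example, not FreeTAKServer-UI code. Shows how HTML-encoding the
// callsign field stops a stored XSS in an alert table row.

// Encode the characters that let user-supplied text break out of an HTML
// text node or attribute value.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Vulnerable rendering (assumed shape): the callsign is concatenated into
// markup as-is, so a callsign containing a tag becomes part of the page.
function renderAlertUnsafe(alert) {
  return `<tr><td>${alert.type}</td><td>${alert.callsign}</td></tr>`;
}

// Hardened rendering: every user-controlled field is encoded before it is
// placed in the markup, so the callsign is always displayed as plain text.
// In browser-side code the equivalent fix is to assign the value with
// element.textContent rather than element.innerHTML.
function renderAlertSafe(alert) {
  return `<tr><td>${escapeHtml(alert.type)}</td><td>${escapeHtml(alert.callsign)}</td></tr>`;
}

// Constructed sample alert: a 911 emergency whose callsign carries the
// payload shape from the report.
const sampleAlert = {
  type: '911',
  callsign: '<img src onerror=alert(/payload/)>',
};

// Regression check: the rendered row may only contain the tags the template
// itself emits. Any other tag means user input reached the markup unencoded.
function containsForeignTag(html, allowed = ['tr', 'td']) {
  const tagRe = /<\/?([a-zA-Z][a-zA-Z0-9]*)/g;
  let m;
  while ((m = tagRe.exec(html)) !== null) {
    if (!allowed.includes(m[1].toLowerCase())) return true;
  }
  return false;
}

console.log(containsForeignTag(renderAlertUnsafe(sampleAlert))); // true
console.log(containsForeignTag(renderAlertSafe(sampleAlert)));   // false
```

The `containsForeignTag` check is deliberately coarse: it is a guard for a unit test over rendered output, not a sanitizer. The fix itself is the encoding at the point where the callsign enters the markup (or `textContent` on the client), applied to every field that can be set from an EUD or the API, not just the callsign.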

@brothercorvo brothercorvo added the enhancement New feature or request label Sep 6, 2022
@brothercorvo brothercorvo added this to the 2.4 milestone Sep 14, 2022