mirusu400 changed the title from "Stored XSS vulnerability due to unprocessed HTML escape when writing comments" (originally in Korean) to "Stored XSS vulnerability due to HTML Escape unprocessed when writing comments" on Feb 21, 2024
Hello.
Currently, there is a writing vulnerability using the <script> tag when writing Gnuboard g6 comments.
[Name of affected Product]
gnuboard 6
[Affected version]
58c737a
[Vulnerability Type]
[Root Cause]
wr_content parameter is not sanitized for HTML tags, so posting a reply with an HTML tag causes a Stored XSS attack.
[Attack Vectors]
_2024_01_17_19_33_11_286.mp4
As shown above, it is normally prohibited to enter HTML tags within a web browser, but if you manipulate HTTP requests using proxy tools such as Burp Suite, or send web requests directly with the requests library to create comments, the HTML tags are reflected as they are.
This enables Stored XSS attacks by injecting the tag <script>.
Below is a PoC web request.
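Added example, not part of the original report, not the PoC request, and not gnuboard's own code: a server-side mitigation sketch for the root cause described above, where the browser blocks HTML tags but the server stores and reflects whatever arrives in wr_content. The function names, the allow-list and the sample comment bodies are assumptions made for illustration; it treats comments as plain text, escapes them at render time, and re-parses the output to confirm that no element other than a line break survives.

```python
import html
from html.parser import HTMLParser

# Assumption: comments are plain text, so only line breaks may appear as markup.
ALLOWED_TAGS = {"br"}


def render_comment(wr_content: str) -> str:
    """Escape a stored comment body for insertion into an HTML page.

    Runs on the server at render time, so it applies however the request
    was produced (browser form, intercepting proxy, or a script).
    """
    escaped = html.escape(wr_content, quote=True)
    return escaped.replace("\r\n", "\n").replace("\n", "<br>")


class _TagCollector(HTMLParser):
    """Records every start tag an HTML parser sees in the given markup."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)


def active_tags(markup: str) -> set:
    """Return the tags found in markup that are outside the allow-list."""
    collector = _TagCollector()
    collector.feed(markup)
    collector.close()
    return set(collector.tags) - ALLOWED_TAGS


# Constructed sample comment bodies, as they might arrive in wr_content.
SAMPLES = [
    "plain reply\nsecond line",
    "<script>alert(1)</script>",
    "<b>bold</b>",
    "a < b && c > d",
]

if __name__ == "__main__":
    for body in SAMPLES:
        out = render_comment(body)
        print(repr(body), "->", repr(out), "| unexpected tags:", active_tags(out))
```

The `active_tags` check can be kept as a regression test on the comment template, so a later change that drops the escaping step is caught before release.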