Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
XSS in custom (root) certificate #1964
I do not think the impact will be big, it only works with crafted certificates logged in as root.
It works on:
And a just complete upgraded firewall installation.
While adding a custom certificate authority, you can trigger an XSS in the admin panel.
Then I click further to certificates. (for adding a certificate to that fake root.
Clicking these away this is the result:
Here are the CA and certificate files I used.
added a commit
Nov 28, 2017
@AdSchellevis maybe there should be a separate channel for those bugs like an email address with a public GPG key to encrypt the mails to make sure there will not be any exploits in the wild using already fixed bugs before the next release. For example this (stored XSS) can be used for privilege escalation.
@fabianfrz it's quite unlikely that this will surface in the wild, but for sensitive information there are email addresses in place (project) that people can (and do) use.
I'm not entirely sure what the issue is in the certificate details view, your screenshots doesn't appear to have any script code in it.
@binaryfigments I just read your blog post and realised that another "thank you" is in order: thank you <3