SECURITY: Stored Cross-site Scripting (XSS) Vulnerability detected in File Names #180

Closed
TheBinitGhimire opened this issue May 20, 2019 · 2 comments

TheBinitGhimire commented May 20, 2019

Hello @prasathmani!

I was able to discover a Stored Cross-site Scripting (XSS) vulnerability in the latest version of TinyFileManager that allows me to execute my HTML/JavaScript code in the TinyFileManager itself.

Here are the steps to reproduce the vulnerability:

  1. Upload TinyFileManager to your website or view it through a local server, and log in to the platform in case $use_auth is 'true'.
  2. Click on "New item" in the top-right corner and then create a new file.
  3. After the file is created, click on the "Rename" icon next to the "Delete" icon corresponding to the file.
  4. Enter the following XSS payload in the file name field:
    "><svg onload=alert(1)>.ext
    (Replace 'ext' with the file extension)
  5. Now, click on "Ok" and when the platform saves the changes and reloads the page, your XSS payload will be executed.

[Image: Stored XSS vulnerability in tinyfilemanager]

This is how the Stored Cross-site Scripting (XSS) vulnerability can be reproduced and further exploited in the latest version of the TinyFileManager (/prasathmani/tinyfilemanager/).

I hope you will patch this issue during the next update to the file manager.

Thanks,
Binit Ghimire (@thebinitghimire)
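
The behaviour reported above comes from a file name being written into the page's HTML without output encoding. The PHP below is an added example, not TinyFileManager's code or its actual fix; the function names (`h`, `render_row_unsafe`, `render_row_safe`, `is_acceptable_name`) and the `?view=` link format are hypothetical. It shows the unencoded pattern beside a context-aware encoded one, plus a rename-time check, using the file name from the report as constructed input.

```php
<?php
// Added example with hypothetical helpers; not taken from TinyFileManager.

/** Encode a value for an HTML text node or a quoted attribute. */
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Vulnerable pattern: the stored name is concatenated straight into markup. */
function render_row_unsafe(string $name): string
{
    return '<a href="?view=' . $name . '" title="' . $name . '">' . $name . '</a>';
}

/** Hardened: URL-encode the query value, then HTML-encode every HTML context. */
function render_row_safe(string $name): string
{
    $href = '?view=' . rawurlencode($name);
    return '<a href="' . h($href) . '" title="' . h($name) . '">' . h($name) . '</a>';
}

/**
 * Defence in depth at rename time (assumed policy): refuse names that carry
 * markup delimiters, path separators or control characters.
 * Output encoding above remains the primary control.
 */
function is_acceptable_name(string $name): bool
{
    if ($name === '' || $name === '.' || $name === '..') {
        return false;
    }
    return preg_match('/[<>"\/\\\\\x00-\x1f]/', $name) !== 1;
}

// Constructed sample input; the second name is the one given in the report.
$names = ['report.txt', '"><svg onload=alert(1)>.ext'];

foreach ($names as $n) {
    echo 'name:       ', $n, PHP_EOL;
    echo 'acceptable: ', is_acceptable_name($n) ? 'yes' : 'no', PHP_EOL;
    echo 'unsafe:     ', render_row_unsafe($n), PHP_EOL;
    echo 'safe:       ', render_row_safe($n), PHP_EOL, PHP_EOL;
}
```

In the `safe` output the quote and angle brackets of the second name appear as `&quot;`, `&lt;` and `&gt;`, so the browser treats the name as text rather than as a new element.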

prasathmani pushed a commit that referenced this issue Jul 23, 2019
view file is insecure #187
Get files size (recursive) #186
There is no possibility for translation for some hints (title =) #185
View dirSize instead of word "Folder" #184
Document type detection #183
Stored Cross-site Scripting (XSS) Vulnerability detected in File Names #180
strings in code #177
Remove tracking #164
@prasathmani (Owner)

fixed

@TheBinitGhimire (Author)

Good to hear that the issue has been fixed!

@TheBinitGhimire TheBinitGhimire changed the title Stored Cross-site Scripting (XSS) Vulnerability detected in File Names SECURITY: Stored Cross-site Scripting (XSS) Vulnerability detected in File Names Nov 24, 2020
ner00 pushed a commit to ner00/tinyfilemanager that referenced this issue May 7, 2023
view file is insecure prasathmani#187
Get files size (recursive) prasathmani#186
There is no possibility for translation for some hints (title =) prasathmani#185
View dirSize instead of word "Folder" prasathmani#184
Document type detection prasathmani#183
Stored Cross-site Scripting (XSS) Vulnerability detected in File Names prasathmani#180
strings in code prasathmani#177
Remove tracking prasathmani#164