Shimmie – Cross-Site Scripting (XSS) #597
Comments
Thank you very much for reporting this issue! The change in pull-request #598 should fix this issue.
#597: Fix for XSS issue in chatbox extension.
Tempting to rewrite the chatbox from scratch, yshout is the source of so many code warnings it's no surprise some serious stuff slipped through :(
To be honest, that was my thought as well. Though, as I don't have much time, I went with the tactical fix.
Well, in any case, this has been fixed on the develop branch. Hopefully, we can get a release out in the near future, which will have this fix as well. (See #599)
Product: Shimmie
Download: https://github.com/shish/shimmie2
Vulnerable Version: 2.5.1 and probably prior
Tested Version: 2.5.1
Author: ADLab of Venustech
Advisory Details:
A Cross-Site Scripting (XSS) vulnerability was discovered in “Shimmie 2.5.1”, which can be exploited to execute arbitrary code.
The vulnerability exists due to insufficient filtration of user-supplied data in the “log” HTTP GET parameter passed to the “shimmie2-master/ext/chatbox/history/index.php” URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.
The exploitation example below uses the "alert()" JavaScript function to see a pop-up messagebox:
PoC:
http://localhost/.../shimmie2-master/ext/chatbox/history/index.php?log=%27xx%27});%3C/script%3E%3Cscript%3Ealert(1);%3C/script%3E
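An added illustration, not part of the report and not Shimmie's or YShout's actual code: the PoC closes a JavaScript call and its `<script>` element, which is what happens when a GET parameter is echoed unencoded into inline script. The sketch below shows that pattern beside a hardened form. The `Viewer` call, the function names and the assumption that `log` selects a numbered log are all hypothetical.

```php
<?php
// Added example. Hypothetical page that reflects "log" into an inline script.

// Vulnerable pattern: the raw value lands inside JavaScript inside HTML.
function render_vulnerable(string $log): string
{
    return "<script>new Viewer({ log: $log });</script>";
}

// Hardening 1 (assumption: "log" is a small log number): allow-list digits only.
function parse_log_id(?string $raw, int $default = 1): int
{
    if ($raw === null || preg_match('/\A[0-9]{1,6}\z/', $raw) !== 1) {
        return $default;
    }
    return (int) $raw;
}

// Hardening 2: encode for the JS-in-HTML context. The JSON_HEX_* flags turn
// <, >, &, ' and " into \uXXXX escapes, so the value cannot terminate the
// string literal or the enclosing <script> element.
function js_literal($value): string
{
    return json_encode(
        $value,
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_THROW_ON_ERROR
    );
}

function render_hardened(?string $raw): string
{
    return '<script>new Viewer({ log: ' . js_literal(parse_log_id($raw)) . ' });</script>';
}

// Constructed sample input: the URL-decoded value of the PoC's "log" parameter.
$sample = "'xx'});</script><script>alert(1);</script>";

echo render_vulnerable($sample), "\n"; // payload breaks out of the script block
echo render_hardened($sample), "\n";   // rejected by the allow-list, default id used
echo render_hardened("3"), "\n";       // a valid id passes through as an integer
echo js_literal($sample), "\n";        // if free text were required, it stays one JS string
```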