
XssHttpServletRequestWrapper JEESNS V1.3 social management system type stored XSS holes caused by filter is lax #6

Closed
Howsson opened this Issue Nov 9, 2018 · 1 comment


Howsson commented Nov 9, 2018

[image: request]

POC
[image: poc]

Vulnerability validation
The user logs in using Firefox and enters the content in the post:
[image: poc]
[image: 1]

Trigger the stored XSS vulnerability
[image: 2]

Likewise, enter the content in the comments section of the post:

[image: 3]

The XssHttpServletRequestWrapper filter is lax, which also leads to stored XSS vulnerabilities.

[image: 4]

Bug fix

  1. Encoding unification
    The encoding of each data layer of the site should be uniform; it is recommended to use UTF-8 encoding throughout. Inconsistent encoding between upper and lower layers may cause some filtering models to be bypassed.
  2. HttpOnly cookie
    The purpose of many XSS attacks is to obtain the user's cookie. Marking the important cookie as HttpOnly means that the browser still sends the cookie field when it makes a request to the server, but the cookie cannot be accessed from script. In this way, an XSS attack cannot use JavaScript's document.cookie to acquire the cookie.
  3. Input content length control
    For untrusted input, you should limit it to a reasonable length. Although this cannot completely prevent XSS from happening, it can increase the difficulty of an XSS attack.
  4. Input check
    Input check generally means checking whether the data entered by the user contains special characters, such as `<`, `>`, `'`, `"`, etc. If special characters are found, these characters are filtered or encoded.
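The four mitigations in the list above, written out as one small request-sanitizing pipeline in Python. This is an added illustration for readers of this issue, not code from JEESNS or from the reporter; the limit `MAX_FIELD_LENGTH`, the function names and the sample comment body are all assumptions made for the example. Point 4 is implemented by entity-encoding the significant characters rather than by stripping a blacklist of tags, since a blacklist is exactly what a lax wrapper gets wrong.

```python
import html
import unicodedata

# Assumed limit for a post or comment body; a real deployment picks its own.
MAX_FIELD_LENGTH = 2000


def decode_utf8_strict(raw: bytes) -> str:
    """Mitigation 1: one encoding for every layer.

    Decoding strictly (no errors='replace' or 'ignore') rejects malformed
    byte sequences at the boundary instead of letting the filter and the
    browser interpret them differently. NFC normalization keeps composed
    and decomposed forms of the same character from diverging downstream.
    """
    text = raw.decode("utf-8")  # raises UnicodeDecodeError on bad bytes
    return unicodedata.normalize("NFC", text)


def enforce_length(text: str, limit: int = MAX_FIELD_LENGTH) -> str:
    """Mitigation 3: bound untrusted input to a reasonable length."""
    if len(text) > limit:
        raise ValueError(f"input exceeds {limit} characters")
    return text


def encode_for_html(text: str) -> str:
    """Mitigation 4, by encoding rather than filtering.

    html.escape turns the five HTML-significant characters (& < > " ')
    into entities, so the value can sit in an HTML text node or a quoted
    attribute without being parsed as markup. There is no tag list to
    keep up to date, which is where the lax wrapper went wrong.
    """
    return html.escape(text, quote=True)


def sanitize_parameter(raw: bytes) -> str:
    """The check a request wrapper's getParameter() equivalent should apply."""
    return encode_for_html(enforce_length(decode_utf8_strict(raw)))


def session_cookie_header(name: str, value: str) -> str:
    """Mitigation 2: HttpOnly keeps the cookie out of document.cookie.

    Secure and SameSite are added because they cost nothing and narrow the
    cookie further; HttpOnly is the flag this issue's fix list calls for.
    """
    return f"{name}={value}; Path=/; HttpOnly; Secure; SameSite=Lax"


if __name__ == "__main__":
    # Constructed sample: a comment body containing markup characters.
    sample = '<b>hello</b> & "friends"'.encode("utf-8")
    print(sanitize_parameter(sample))
    print(session_cookie_header("JSESSIONID", "example-session-id"))
```

Encoding at the request wrapper, as JEESNS does, protects every consumer of the parameter at once, but it also stores the encoded form; the more robust placement is to store the raw text and encode at the template layer, where the HTML context (text node, attribute, script) is known. Either way the rule is the same: encode, don't pattern-match.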
@Jayl1n


Jayl1n commented Nov 9, 2018

I have reported this vulnerability with CVE-2018-17886.
And it has been fixed in #5.
: )

@Howsson Howsson referenced this issue Nov 9, 2018

Closed

1 #7

@Howsson Howsson closed this Nov 10, 2018

@Howsson Howsson reopened this Nov 11, 2018

@Howsson Howsson closed this Nov 11, 2018

@Howsson Howsson changed the title from XssHttpServletRequestWrapper filter is lax,Also leads to storage XSS vulnerabilities. to 1 Nov 11, 2018

@Howsson Howsson changed the title from 1 to XssHttpServletRequestWrapper JEESNS V1.3 social management system type stored XSS holes caused by filter is lax Nov 12, 2018
