Stored Cross Site Scripting (XSS)

2023-10-0516:30:08

shahzaibak96

www.huntr.dev

cross site scripting

sanitization bypass

admin access

payload execution

0.0004 Low

EPSS

Percentile

14.2%

JSON

Description

The location endpoint is not sanitized which leads to the Stored Cross Site Scripting (XSS)

Proof of Concept

1. Login as a standard user [non-admin] &gt; Asset page &gt; List All

https://drive.google.com/file/d/1qymhc6sMe9EeS2bOe4CE2XTAbzFkgHao/view?usp=drive_link

2. Click to open any asset &gt; Edit Asset

https://drive.google.com/file/d/14a5UoZ1K6KQgIp6xZq5JJZpBwuhVPbPS/view?usp=drive_link

3. Create new location and add the payload: &lt;script&gt;alert("Testing")&lt;/script&gt; and save the asset

https://drive.google.com/file/d/1bUB94JO9EsbdZ1qbKVVHip2mARJ5Sp-W/view?usp=drive_link
https://drive.google.com/file/d/199_wIhmlvs6Zkx1Q-vJr8MjS9u0yB18o/view?usp=drive_link

4. Now login to the Admin account &gt; Asset page &gt; List All

https://drive.google.com/file/d/1ZoQXQhtWLlq4_Jqp2KesTNp73F3MnQro/view?usp=drive_link

5. Open the same asset of which you can change the location and the payload will get executed.

https://drive.google.com/file/d/18QXuJRZ0gh_wUegp5JI2EpK1g2jCF4CC/view?usp=drive_link



Video POC: https://drive.google.com/file/d/1ELndiBIkWu6nIfib2p-uXqsTALABC2F8/view?usp=sharing