Headline
CVE-2022-0957: Stored XSS via File Upload in showdoc
Stored XSS via File Upload in GitHub repository star7th/showdoc prior to 2.10.4.
Description
Stored XSS via uploading file in .m3u8a format.
Proof of Concept
filename="poc.m3u8a"
<script>alert(1)</script>
Steps to Reproduce
1.Login into showdoc.com.cn.
2.Navigate to file library (https://www.showdoc.com.cn/attachment/index)
3.In the File Library page, click the Upload button and choose the poc.m3u8a file.
4.After uploading the file, click on the check button to open that file in a new tab.
XSS will trigger when the attachment is opened in a new tab.
POC URLs:https://www.showdoc.com.cn/server/api/attachment/visitFile?sign=b9afd9c1b547da6ca613714c88f239e7
Impact
An attacker can perform social engineering on users by redirecting them from a real website to a fake one. a hacker can steal their cookies etc.