Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2022-0950: Unrestricted Upload of File with Dangerous Type in showdoc

Unrestricted Upload of File with Dangerous Type in GitHub repository star7th/showdoc prior to 2.10.4.

CVE
#xss#git

Description

This is a bypass of report https://huntr.dev/bounties/3eb5a8f9-24e3-4eae-a212-070b2fbc237e/.

The upload feature allows the files with the extension .*html which leads to Stored XSS.

Proof of Concept

  • Step 1: Login into showdoc.com.cn.

  • Step 2: Go to https://www.showdoc.com.cn/attachment/index

  • Step 3: In the File Library page, click the Upload button and choose file below. You can use any file extension with regex “.([a-zA-Z0-9])*html”

    <script>alert(origin)</script>

  • Step 4: Click on the check button to open that file in a new tab.

POC URL:

https://www.showdoc.com.cn/server/api/attachment/visitFile?sign=4422094937428007ab74c30faea73ef3

https://www.showdoc.com.cn/server/api/attachment/visitFile?sign=d40db01d06885a0ff0e2b48818d5ad31

https://www.showdoc.com.cn/server/api/attachment/visitFile?sign=08059f8a61fa5838255f9c3b848ad347

Impact

Stored XSS.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907