Headline
CVE-2022-1344: Stored XSS due to no sanitization in the filename in organizr
Stored XSS due to no sanitization in the filename in GitHub repository causefx/organizr prior to 2.1.1810. This allows attackers to execute malicious scripts in the user’s browser and it can lead to session hijacking, sensitive data exposure, and worse.
Description
The organizr application doesn’t sanitize malicious javascript payload which leads to stored XSS and can also perform to the takeover admin account.
Proof of Concept
1.Login with Co-admin account and go to “Settings” -> “Image Manager” and upload any small size jpeg image and intercept the request on burp suite.
2.Then change the name of the uploaded image with the below XSS payload and forward the request:
<img src=1 onerror=alert(1337)>.jpeg
3.Then login with admin account and go to “Settings” -> “Image Manager” and open the uploaded image by Co-admin you will see that XSS will trigger.
PoC Video
https://drive.google.com/file/d/1X8-YyNkt8-MBLY2Btezn2Wel6HLjyhtu/view?usp=sharing
Impact
This allows attackers to execute malicious scripts in the user’s browser and it can lead to session hijacking, sensitive data exposure, and worse.