Code Injection in publify/publify
Valid
Reported on
Feb 11th 2022
Description
The application doesn't check/filter the comments provided by the user before save to database. Attacker can't insert js code to steal admin's data but can insert html code, leads to many information security risks.
Proof of Concept
- Step 1: Go to https://demo-publify.herokuapp.com/2022/02/11/hello-world#comments and comment in anonymous user.
<img src=https://www.technistone.com/color-range/image-slab/Starlight%20Black_SLAB_web.jpg width="2000" height="2000">
- Step 2: Login as demo user, go to https://demo-publify.herokuapp.com/admin/feedback. You can see html code has been rendered successfully.
- PoC: https://drive.google.com/file/d/1RSuq7fsyJPrbNHqlZ9pRW3lgXAvmOrQf
Impact
Attacker can insert html code to break the website format, phishing or collect the admin's IP through loading images in img tags.
We are processing your report and will contact the
publify
team within 24 hours.
3 months ago
We have contacted a member of the
publify
team and are waiting to hear back
3 months ago
We have sent a
fix follow up to the
publify
team.
We will try again in 7 days.
3 months ago
We have sent a
second
fix follow up to the
publify
team.
We will try again in 10 days.
3 months ago
We have sent a
third and final
fix follow up to the
publify
team.
This report is now considered stale.
3 months ago
Matijs van Zuijlen
has been awarded the fix bounty
to join this conversation