Cross-site Scripting (XSS) - Stored in jam-py/jam-py

Status: Valid

Reported on: Apr 27th 2021

✍️ Description

Stored XSS in the comment box on the Suppliers profile. In fact, every input field is affected: no input parameter is sanitized before it is saved to the database, so the stored value is later rendered as markup in other users' browsers.

🕵️‍♂️ Proof of Concept

  1. git clone https://github.com/jam-py/jam-py
  2. cd jam-py && python setup.py install
  3. cd demo
  4. python server.py
  5. Open localhost:8080 in a browser and click on the Customers dashboard
  6. Edit any Customer and add this payload to the Company field (or any other input field)
  7. Save the record and view the edited History; you will see the JavaScript being executed


💥 Impact

If an attacker can control a script that is executed in the victim's browser, then they can typically fully compromise that user. The attacker can carry out any of the actions that are applicable to the impact of reflected XSS vulnerabilities.

In terms of exploitability, the key difference between reflected and stored XSS is that a stored XSS vulnerability enables attacks that are self-contained within the application itself. The attacker does not need to find an external way of inducing other users to make a particular request containing their exploit. Rather, the attacker places their exploit into the application itself and simply waits for users to encounter it.

T3cH_W1z4rD
7 months ago

Researcher


Payload: <details open ontoggle=confirm()> | <a href="javascript%26colon;alert(1)">click
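The fix for this class of bug is to encode every stored value on output and to canonicalise link fields before checking their scheme. The following is an added illustration, not jam-py's own code: it assumes a hypothetical history row that renders a Company field and a link field, and uses constructed sample values modelled on the two payloads quoted in the comment above.

```python
import html
from urllib.parse import unquote, urlsplit

# Constructed sample field values, modelled on the two payloads quoted in the
# researcher's comment (hypothetical: what a user typed into Company / a link field).
SAMPLE_COMPANY = "<details open ontoggle=confirm()>"
SAMPLE_LINK = "javascript%26colon;alert(1)"

ALLOWED_SCHEMES = {"http", "https", "mailto"}


def escape_for_html(value: str) -> str:
    """Encode a stored value for insertion into HTML text or a quoted attribute.
    Escaping on output (rather than mangling on save) keeps the database faithful
    to what the user typed while stopping the browser from parsing it as markup."""
    return html.escape(value, quote=True)


def canonicalize_url(value: str, max_rounds: int = 3) -> str:
    """Percent-decode and HTML-entity-decode until the value stops changing, so the
    scheme check sees what the browser eventually sees (e.g. %26colon; -> ':')."""
    current = value.strip()
    for _ in range(max_rounds):
        decoded = html.unescape(unquote(current)).strip()
        if decoded == current:
            break
        current = decoded
    return current


def naive_is_safe_href(value: str) -> bool:
    """The check that looks right but is bypassed: urlsplit() finds no scheme at all in
    'javascript%26colon;alert(1)', because '%' and '&' are not scheme characters."""
    return urlsplit(value).scheme.lower() != "javascript"


def is_safe_href(value: str) -> bool:
    """Allow-list the scheme of the canonicalised URL; anything else is rejected.
    The canonical form is used only for this decision, never for rendering."""
    canonical = canonicalize_url(value)
    # Drop control characters and whitespace that browsers tolerate inside a scheme.
    canonical = "".join(ch for ch in canonical if ord(ch) > 0x20)
    return urlsplit(canonical).scheme.lower() in ALLOWED_SCHEMES


def render_history_row(company: str, link: str) -> str:
    """Build one history-row fragment: every stored value is escaped on output and
    the link is neutralised unless its scheme is on the allow-list."""
    href = link if is_safe_href(link) else "#"
    return (
        f"<tr><td>{escape_for_html(company)}</td>"
        f'<td><a href="{escape_for_html(href)}">link</a></td></tr>'
    )
```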