Unrestricted Upload of File with Dangerous Type in polonel/trudesk

Valid

Reported on Jun 20th 2021


✍️ Description

trudesk is vulnerable to arbitrary file upload. The app allows uploading files of dangerous types such as text/html; consequently, it is possible to exploit XSS.

🕵️‍♂️ Proof of Concept

  1. Create a ticket.
  2. Open the created ticket and upload an HTML file that contains <img src onerror=alert(document.domain)>.
  3. Open the uploaded HTML file.

PoC video.

💥 Impact

JavaScript code execution.

  - We have contacted a member of the polonel/trudesk team and are waiting to hear back (a year ago)
  - Chris Brame validated this vulnerability (a year ago)
  - Renan Rocha has been awarded the disclosure bounty
  - The fix bounty is now up for grabs
  - Chris Brame confirmed that a fix has been merged on 25c5ae (a year ago)
  - Chris Brame has been awarded the fix bounty