Code Injection in tsolucio/corebos

Valid

Reported on

Nov 6th 2021


Description

The user can control a point and infuse arbitrary HTML code into a vulnerable web page. This vulnerability can have numerous results, like disclosure of a user’s session treats that might be utilized to impersonate the victim, or, more generally, it can permit the aggressor to alter the page substance seen by the victims.

Proof of Concept

Go to::   http://demo.corebos.com/index.php?action=%3Ch%3EHTML-Injection%3C/h%3E%3Cp%3Ehello%3C/p%3E%3Cp%3Ehai%3C/p%3E%3Ch1%3ECONTENT%3C/h1%3E%3Ca%20href=https://evil.org%3EMalicious-Link%3C/a%3E&module=Home

// PoC.py (Content Injection Length)

import webbrowser

payload = "| 7h3h4ckv157 |" * 354
url = "http://demo.corebos.com/index.php?action=" + payload + "&module=Home"

webbrowser.open(url)


Impact

HTML Injection: Malicious URL + Content

An injection permits the attacker to send a malicious HTML page to a victim. The targeted browser will not be able to recognize genuine parts from malicious parts of the page, and subsequently will parse and execute the entire page within the victim’s context. Attacker is able to control an input point and is able to inject subjective HTML code into a vulnerable web page.

We are processing your report and will contact the tsolucio/corebos team within 24 hours. 22 days ago
Joe Bordes validated this vulnerability 21 days ago
7h3h4ckv157 has been awarded the disclosure bounty
The fix bounty is now up for grabs
Joe Bordes confirmed that a fix has been merged on ba92bb 21 days ago
Joe Bordes has been awarded the fix bounty