Stored XSS on items in Folder in nilsteampassnet/teampass
Apr 23rd 2023
first create two user accounts and grant them permission to access a same folder. In one of the accounts, generate a new item within the folder. Paste the payload XSS into this field, then save the item. Once saved, click on the item to activate an XSS alert.
To confirm the success of this action, log in to the other account and navigate to the shared folder. From here, use the mouse to drag the item and observe the XSS alert that appears. This confirms that the XSS payload has been successfully implemented within the shared folder, allowing for further testing and analysis as needed.
Proof of Concept
The impact of this vulnerability is that it enables an attacker to inject malicious code into a shared folder, which can then be executed by other users who have access to the folder. This can potentially lead to a range of serious consequences, such as theft of sensitive data, unauthorized access to systems, and the ability to carry out further attacks.
For instance, an attacker may use this vulnerability to steal user credentials, compromise the confidentiality of sensitive data, or even take control of a victim's account or device. They could also use the vulnerability to propagate malware or ransomware throughout the network. Additionally, if the shared folder is used for collaboration between multiple parties, the vulnerability could allow an attacker to disrupt the work of the entire group, causing loss of productivity and potential financial losses.
Tested on 3.0.7 version. with latest commit ( cea058d4f178a58ee04c1fa0792a22f8a50842f4 )