Cross-site Scripting (XSS) - Stored in kalcaddle/KodExplorer

Valid
Reported on May 17th 2021

BUG

Stored xss via oexe file upload

ACCOUNT

  1. user A-->admin -->victim
  2. user B -->demo user --> attacker

STEP TO REPRODUCE

  1. from user B account create oexe file with bellow content

{"type":"app","content":"window.open(\"javascript:alert(document.domain)\/\/\");","icon":"trello.png","width":"800","height":"600","simple":0,"resize":1,"undefined":0}

Now upload this file .

  1. Now from user A(admin) double click this file and see xss is executed .

VIDEO POC

check is recorded video https://drive.google.com/file/d/1_1v6NJ4ls79s4w6DnbV8tp7i_Ajtd_GZ/view?usp=sharing