Cross-site Scripting (XSS) - Stored in kalcaddle/kodexplorer

Valid

Reported on

May 17th 2021


BUG

Stored XSS via oexe file upload

ACCOUNT

  1. user A --> admin --> victim
  2. user B --> demo user --> attacker

STEP TO REPRODUCE

  1. From user B's account, create an oexe file with the below content:

{"type":"app","content":"window.open(\"javascript:alert(document.domain)\/\/\");","icon":"trello.png","width":"800","height":"600","simple":0,"resize":1,"undefined":0}

Now upload this file.

  2. Now, from user A (admin), double-click this file and see that the XSS is executed.

VIDEO POC

Check the recorded video: https://drive.google.com/file/d/1_1v6NJ4ls79s4w6DnbV8tp7i_Ajtd_GZ/view?usp=sharing

warlee
6 months ago

Maintainer


kodexplorer: a management tool mainly used for personal use; oexe allows JS. kodbox: used for multi-user network disk storage; oexe disables JS.
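The following is an added example, not code from kodexplorer or kodbox: a Python upload-time check that applies the "oexe, disable JS" policy the maintainer describes to the .oexe JSON shown in the report. It assumes (not stated on the page) that a safe "app" entry's content is an http(s) URL and that the key set of the reported file is the full oexe schema.

```python
import json
from typing import Tuple
from urllib.parse import urlparse

# Keys present in the .oexe file from the report; assumed here to be the full schema.
ALLOWED_KEYS = {"type", "content", "icon", "width", "height", "simple", "resize", "undefined"}

# The .oexe body from the report (its "content" is JavaScript, not a URL).
REPORTED_PAYLOAD = (
    b'{"type":"app","content":"window.open(\\"javascript:alert(document.domain)\\/\\/\\");",'
    b'"icon":"trello.png","width":"800","height":"600","simple":0,"resize":1,"undefined":0}'
)

# Constructed benign entry: same shape, but content is an http(s) URL.
BENIGN_OEXE = (
    b'{"type":"app","content":"https://example.invalid/board","icon":"trello.png",'
    b'"width":"800","height":"600","simple":0,"resize":1,"undefined":0}'
)


def parse_oexe(data: bytes) -> dict:
    """Decode an .oexe body; raise ValueError unless it is a JSON object."""
    try:
        obj = json.loads(data.decode("utf-8"))
    except (UnicodeDecodeError, json.JSONDecodeError) as exc:
        raise ValueError(f"not valid JSON: {exc}") from exc
    if not isinstance(obj, dict):
        raise ValueError("oexe body must be a JSON object")
    return obj


def is_safe_oexe(data: bytes, allow_js: bool = False) -> Tuple[bool, str]:
    """Return (accepted, reason). With allow_js=False (multi-user policy) an
    'app' entry is accepted only when its content is an http(s) URL, so any
    content that would be evaluated as script is rejected at upload time."""
    try:
        obj = parse_oexe(data)
    except ValueError as exc:
        return False, str(exc)
    unknown = set(obj) - ALLOWED_KEYS
    if unknown:
        return False, f"unexpected keys: {sorted(unknown)}"
    if obj.get("type") != "app":
        return False, "unsupported type"
    content = obj.get("content")
    if not isinstance(content, str):
        return False, "content must be a string"
    if allow_js:
        return True, "script content allowed by single-user policy"
    parsed = urlparse(content.strip())
    if parsed.scheme not in ("http", "https") or not parsed.netloc:
        return False, "content is not an http(s) URL; script content rejected"
    return True, "ok"
```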