xss bypass the filter in pbboard/pbboard-3.0.4
Jan 31st 2023
hi,@maintainer.The filter you use to clean xss is unsafe.Please choose an xss filter with a large number of users and a high evaluation
You can watch my video through this link first. link https://drive.google.com/file/d/1mh9hiDxmybLQGPw-z36qBdsEcE_OoPw8/view?usp=share_link
Proof of Concept
1.Login to the forum as any user.
2.Send dangerous messages to admin users.
3.The value of the Message is below
4.Admin users view the Message sent by the attacker.Click the link the attacker sent.
(1) To steal the administrator account or cookie, the intruder can log in to the background as an administrator. It enables intruders to manipulate background data maliciously, including reading, changing, adding and deleting some information.
(2) Stealing users' personal information or login accounts will pose a huge threat to the user security of the website. For example, pretend to be a user for various operations.
(3) The website hangs horses. First, embed the malicious attack code into the Web application. When the user browses the hanging horse page, the user's computer will be implanted with a Trojan horse.
(4) Send advertisements or spam messages. Attackers can use XSS vulnerabilities to plant advertisements or send spam, seriously affecting
I fixed it and Update XSS filtering
Now will be well-used filter and a more secure
Update XSS filtering https://github.com/pbboard/PBBoard-3.0.4/commit/8a8787ec8fe40a7c171926497564f94e76e4dbbb
hi, @admin ,The bug has been fixed, but the maintainer told me that he had a 'commit sha not found in repository' when marking the report as fixed. Can you mark the report as fixed, thanks.And the commit is https://github.com/pbboard/PBBoard-3.0.4/commit/a3e24e86cffd7b4c8f8a575f09dc2316010ab715
I seem to be able to submit the fix with no issue using SHA:
@maintainer, if you could please try again with the SHA above and provide your publication preferences?
hi, @admin ,I contacted the manager of the project through email, but he still couldn't mark this report successfully. the commit is https://github.com/pbboard/PBBoard-3.0.4/commit/a3e24e86cffd7b4c8f8a575f09dc2316010ab715 . You can also verify whether the vulnerability has been fixed .I hope you can help us, which is very important to me, thank you
hi, @admin ,could you help us to mark this report as fixed.We have confirmed that the vulnerability was successfully repaired.Thanks