Cross-site Scripting (XSS) - Reflected in part-db/part-db

Valid

Reported on

Oct 1st 2021

Description

Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into websites. An attacker can use XSS to send a malicious script to an unsuspecting user. The end user’s browser has no way to know that the script should not be trusted, and will execute the script. https://github.com/Part-DB/Part-DB/ is vulnerable to XSS as shown below:

Proof of concept

Vuln variable: $_REQUEST['db_user']
Snippet:

$db_user        = isset($_REQUEST['db_user'])           ? (string)$_REQUEST['db_user']              : '';

Payload

Go to http://localhost/Part-DB-master/install.php
Insert in the user field the following data:

user</strong><script>alert`xss`</script>

Observe the XSS.

Impact

Because it thinks the script came from a trusted source, the malicious script can access any cookies, session tokens, or other sensitive information retained by the browser and used with that site. These scripts can even rewrite the content of the HTML page.

References

We created a GitHub Issue asking the maintainers to create a SECURITY.md a year ago

We have contacted a member of the part-db team and are waiting to hear back a year ago

We have sent a third and final follow up to the part-db team. This report is now considered stale. a year ago

A part-db/part-db maintainer validated this vulnerability a year ago

hitisec has been awarded the disclosure bounty

The fix bounty is now up for grabs

Jan Böhmer marked this as fixed in 0.5.10 with commit 91e567 a year ago

Jan Böhmer has been awarded the fix bounty

This vulnerability will not receive a CVE

to join this conversation