showdoc

Valid

Reported on

Mar 14th 2022

Description

Stored XSS via uploading file in .ofd format.

filename="test.ofd"

<script>alert(1)</script>

Login into showdoc.com.cn.
Navigate to file library (https://www.showdoc.com.cn/attachment/index)
In the File Library page, click the Upload button and choose the test.ofd file.
After uploading the file, click on the check button to open that file in a new tab.
XSS will trigger when the attachment is opened in a new tab.

https://img.showdoc.cc/622f5237a4612_622f5237a4609.ofd?e=1647272323&token=-YdeH6WvESHZKz-yUzWjO-uVV6A7oVrCN3UXi48F:0OnGqbEWkwJaFbR43A347gUCOMc=

An attacker can perform social engineering on users by redirecting them from a real website to a fake one. a hacker can steal their cookies etc.

AttachmentModel.class.php L330

We are processing your report and will contact the star7th/showdoc team within 24 hours. a year ago

Akshay Ravi modified the report

a year ago

Akshay Ravi modified the report

a year ago

Akshay Ravi modified the report

a year ago

star7th validated this vulnerability a year ago

Akshay Ravi has been awarded the disclosure bounty

The fix bounty is now up for grabs

star7th marked this as fixed in 2.10.4 with commit 3caa32 a year ago

star7th has been awarded the fix bounty

This vulnerability will not receive a CVE

to join this conversation

We are processing your report and will contact the star7th/showdoc team within 24 hours. a year ago

Akshay Ravi modified the report

a year ago

Akshay Ravi modified the report

a year ago

Akshay Ravi modified the report

a year ago

star7th validated this vulnerability a year ago

Akshay Ravi has been awarded the disclosure bounty

The fix bounty is now up for grabs

star7th marked this as fixed in 2.10.4 with commit 3caa32 a year ago

star7th has been awarded the fix bounty

This vulnerability will not receive a CVE

to join this conversation