Cross-site Scripting (XSS) - Stored in liangliangyy/djangoblog

Valid

Reported on

Jan 30th 2022


Description

Hi there, I would like to report a stored Cross Site Scripting vulnerability in djangoblog source code. Cross-site scripting (also known as XSS) is a web security vulnerability that allows an attacker to compromise the interactions that users have with a vulnerable application. It allows an attacker to circumvent the same origin policy, which is designed to segregate different websites from each other. Cross-site scripting vulnerabilities normally allow an attacker to masquerade as a victim user, to carry out any actions that the user is able to perform, and to access any of the user's data. If the victim user has privileged access within the application, then the attacker might be able to gain full control over all of the application's functionality and data

Proof of Concept

  1. Install a local instace of djangoblog
  2. Log in as admin and create an article with content <img src=a onerror=alert(document.cookie)>
  3. Go to article detail page and see that a pop up appears with your cookie in it.
  4. A POC image https://drive.google.com/file/d/11kWL4mWQNbABUtngJIBflF-dAbmMxZAy/view?usp=sharing

Impact

This vulnerability is capable of stored XSS.

Occurrences

Unsanitized blog body

We are processing your report and will contact the liangliangyy/djangoblog team within 24 hours. 4 months ago
M0rphling modified the report
4 months ago
We have contacted a member of the liangliangyy/djangoblog team and are waiting to hear back 4 months ago
We have sent a follow up to the liangliangyy/djangoblog team. We will try again in 7 days. 4 months ago
We have sent a second follow up to the liangliangyy/djangoblog team. We will try again in 10 days. 3 months ago
且听风吟 validated this vulnerability 3 months ago
M0rphling has been awarded the disclosure bounty
The fix bounty is now up for grabs
且听风吟 confirmed that a fix has been merged on e37109 3 months ago
且听风吟 has been awarded the fix bounty
article_info.html#L54 has been validated
to join this conversation