Stored XSS via File Upload in star7th/showdoc in star7th/showdoc

Valid

Reported on

Mar 14th 2022


Description

Stored XSS via uploading file in .properties format.

Proof of Concept

filename="test.properties"

<script>alert(1)</script>

Steps to Reproduce

  1. Login into showdoc.com.cn.
  2. Navigate to file library (https://www.showdoc.com.cn/attachment/index)
  3. In the File Library page, click the Upload button and choose the test.properties file.
  4. After uploading the file, click on the check button to open that file in a new tab.
  5. XSS will trigger when the attachment is opened in a new tab.

POC URL:

https://img.showdoc.cc/622f467833127_622f467833120.properties?e=1647269010&token=-YdeH6WvESHZKz-yUzWjO-uVV6A7oVrCN3UXi48F:o4Avvyq1nJSSadhWuytWRYg6K1Q=

Impact:

An attacker can perform social engineering on users by redirecting them from a real website to a fake one. a hacker can steal their cookies etc.

We are processing your report and will contact the star7th/showdoc team within 24 hours. 2 months ago
Akshay Ravi modified the report
2 months ago
Akshay Ravi modified the report
2 months ago
star7th validated this vulnerability 2 months ago
Akshay Ravi has been awarded the disclosure bounty
The fix bounty is now up for grabs
star7th confirmed that a fix has been merged on 3caa32 2 months ago
star7th has been awarded the fix bounty
to join this conversation