HTML-INJECTION-PRODUCT

XSS at Album Creation

Vendor of the product(s) – SULU 

Product Name – Sulu (sulu.rocks)

Version – Aug 03, 2023. Sulu Release 2.4.14 & 2.5.10

Affected component(s) – XSS at Album Creation  

Attack vector(s) – Web Application 

Suggested description of the vulnerability for use in the CVE – XSS via SVG file upload at album creation

Discoverer(s)/Credits – Nandini Sharma

Step-by-step PoC written in sequential order – see Steps for Reproduction below.


Title – XSS at Album Creation

INTRODUCTION 

A malicious file upload vulnerability can lead to Cross-Site Scripting (XSS) when an attacker uploads a file containing malicious scripts. The uploaded file is typically processed by the application, and if proper validation and security controls are lacking, the script within the file can execute in the context of other users, compromising their data and sessions. 

eSecForte Technologies Security Researcher Nandini Sharma reported an XSS at Album Creation.

Description: The album-creation media upload accepts files that contain scripts, such as an SVG image. When such a file is later opened in the browser, the script executes in the context of other users, potentially compromising their data and sessions.

Platform/Product:  Sulu.rocks 

Vulnerability Name: XSS via malicious file upload

Affected Component:  XSS at Album Creation  

Attack Type:  Application  

Impact:   

  1. Data Compromise: Attackers can steal sensitive data, such as user credentials or personal information, from other users by executing malicious scripts in their browsers.
  2. Session Hijacking: Malicious files can be used to hijack user sessions, allowing attackers to impersonate legitimate users and perform unauthorized actions on their behalf.


Recommendation: 

  1. Input Validation: Validate and filter uploaded files rigorously so that files containing scripts (for example SVG documents with script elements or event-handler attributes) are rejected.
  2. Content-Disposition Headers: Serve uploaded files with a proper Content-Disposition header (attachment) so that browsers download them instead of rendering them, and any script inside cannot execute in the application's origin.
  3. File Type Verification: Verify that the content of the uploaded file actually matches the declared and expected type, and consider a Content Security Policy (CSP) on the media endpoint to restrict script execution.
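The checks the recommendations above call for, as an added example that is not Sulu's own code: it verifies magic bytes for raster image types, inspects SVG uploads for script-bearing constructs, and chooses response headers so that even an SVG that passes the scan is served as a download under a no-script CSP rather than rendered in the site's origin. Function names and the sample inputs are constructed for this example.

```python
from __future__ import annotations
import re
import xml.etree.ElementTree as ET  # in production prefer defusedxml (entity attacks)

MAGIC = {                        # declared type -> required leading bytes
    "image/png": b"\x89PNG\r\n\x1a\n",
    "image/jpeg": b"\xff\xd8\xff",
    "image/gif": b"GIF8",
}

def _local(name: str) -> str:
    """Strip an XML namespace prefix: '{ns}script' -> 'script'."""
    return name.rsplit("}", 1)[-1].lower()

def svg_active_content(data: bytes) -> list[str]:
    """List the script-bearing constructs found in an SVG; [] means none found."""
    try:
        root = ET.fromstring(data)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    if _local(root.tag) != "svg":
        return ["root element is not <svg>"]
    hits = []
    for el in root.iter():
        tag = _local(el.tag)
        if tag in ("script", "foreignobject"):
            hits.append(f"<{tag}> element")
        for attr, val in el.attrib.items():
            a = _local(attr)
            if a.startswith("on"):                       # onload=, onclick=, ...
                hits.append(f"{a}= handler on <{tag}>")
            elif a == "href" and re.match(r"\s*javascript:", val, re.I):
                hits.append(f"javascript: URI on <{tag}>")
    return hits

def check_upload(data: bytes, declared: str) -> tuple[bool, dict, list]:
    """Return (accept, headers to serve the file with, reasons for rejection)."""
    headers = {"X-Content-Type-Options": "nosniff"}   # browser must honour our type
    if declared in MAGIC:
        ok = data.startswith(MAGIC[declared])
        headers["Content-Type"] = declared
        return ok, headers, [] if ok else ["magic bytes do not match declared type"]
    if declared == "image/svg+xml":
        reasons = svg_active_content(data)
        # A clean SVG is still served as a download under a no-script CSP, so a
        # scan bypass cannot run script in the application's origin.
        headers.update({"Content-Type": "image/svg+xml",
                        "Content-Disposition": "attachment",
                        "Content-Security-Policy": "sandbox; script-src 'none'"})
        return not reasons, headers, reasons
    return False, headers, [f"type {declared!r} is not allowed"]
```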

Method of Exploitation

Steps for Reproduction:


1- Go to the application by navigating to https://sulu.rocks/admin/#/ and proceed to log in using your email and password.

2- Proceed to click on the “Music” tab and navigate to the “Add Album” section.

3- Click on the “Select Media” button, upload an image containing an XSS payload, and complete the required fields. Then, click the “Confirm” button.

4- Right-click on the uploaded image and select “Open Image in New Tab,” as demonstrated in the proof of concept (PoC).

5- The script embedded in the uploaded image executes when the image is opened, confirming the XSS.

[Discoverer]

Nandini Sharma from eSec Forte Technologies Pvt. Ltd