XSS at Album Creation
Vendor of the product(s) – SULU
Product Name – Sulu.rocks
Version – Aug 03, 2023. Sulu Release 2.4.14 & 2.5.10
Affected component(s) – XSS at Album Creation
Attack vector(s) – Web Application
Suggested description of the vulnerability for use in the CVE – XSS via SVG file
Discoverer(s)/Credits – Nandini Sharma
Title: – XSS at Album Creation
INTRODUCTION
A malicious file upload vulnerability can lead to Cross-Site Scripting (XSS) when an attacker uploads a file, here an SVG image, that contains script. The application stores and serves the uploaded file, and if validation and security controls on upload and delivery are lacking, the script within the file executes in the browser of any user who opens it, compromising their data and sessions.
eSecForte Technologies Security Researcher – Nandini Sharma reported an XSS at Album Creation
Description: A malicious file upload vulnerability can lead to Cross-Site Scripting (XSS) when attackers upload files containing malicious scripts, enabling them to execute harmful code in the context of other users, potentially compromising data and sessions.
Platform/Product: Sulu.rocks
Vulnerability Name: Malicious XSS File Upload
Affected Component: XSS at Album Creation
Attack Type: Application
Impact:
- Data Compromise: Attackers can steal sensitive data, such as user credentials or personal information, from other users by executing malicious scripts in their browsers.
- Session Hijacking: Malicious files can be used to hijack user sessions, allowing attackers to impersonate legitimate users and perform unauthorized actions on their behalf.
Recommendation:
- Input Validation: Implement rigorous validation and filtering of uploaded files so that they are rejected or neutralised when they contain script (for SVG: script elements, event-handler attributes and javascript: URIs).
- Content Disposition Headers: Serve uploaded files with a Content-Disposition: attachment header so the browser downloads them instead of rendering them as a document in which script can run.
- File Type Verification: Verify by inspecting the content, not just the extension or declared MIME type, that the uploaded file matches the expected type, and consider a content security policy (CSP) on the media endpoint to restrict script execution.
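The three recommendations as an upload gate, written as an added example in Python (it is not the advisory's code or part of Sulu): the type is verified from the bytes, SVGs carrying script or event handlers are rejected, and any SVG that passes is served with Content-Disposition: attachment and a CSP, so "Open Image in New Tab" downloads the file rather than rendering it. The sample uploads, function names and header values are constructed for this example.

```python
import re
import xml.etree.ElementTree as ET
# Constructed sample uploads for this example (none are taken from the advisory).
BENIGN_SVG = b'<svg xmlns="http://www.w3.org/2000/svg"><circle r="5"/></svg>'
SCRIPT_SVG = b'<svg xmlns="http://www.w3.org/2000/svg"><script>void 0</script></svg>'
HANDLER_SVG = b'<svg xmlns="http://www.w3.org/2000/svg"><rect onload="void 0"/></svg>'
FAKE_SVG = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16  # PNG magic bytes, but uploaded as .svg
MAX_BYTES = 1_000_000  # size cap before parsing untrusted XML (entity-expansion defence)

def _local(name: str) -> str:
    return name.rsplit("}", 1)[-1]  # '{http://www.w3.org/2000/svg}script' -> 'script'

def parse_svg(data: bytes):
    """Return the root element if the bytes are a well-formed SVG document, else None."""
    try:
        root = ET.fromstring(data) if len(data) <= MAX_BYTES else None
    except ET.ParseError:
        return None
    return root if root is not None and _local(root.tag) == "svg" else None

def active_content(root) -> list:
    """List constructs that run script when the SVG is opened directly in a browser tab."""
    findings = []
    for el in root.iter():
        tag = _local(el.tag)
        if tag in ("script", "foreignObject"):
            findings.append(f"<{tag}> element")
        for attr, value in el.attrib.items():
            if _local(attr).lower().startswith("on"):
                findings.append(f"{tag}@{_local(attr)} event handler")
            elif _local(attr) == "href" and value.strip().lower().startswith("javascript:"):
                findings.append(f"{tag}@href javascript: URI")
    return findings

def vet_upload(filename: str, declared_type: str, data: bytes) -> dict:
    """Type check by content, reject active SVG, serve the rest with non-rendering headers."""
    root = parse_svg(data)
    claims_svg = filename.lower().endswith(".svg") or declared_type == "image/svg+xml"
    if claims_svg != (root is not None):
        return {"accept": False, "reason": "declared type does not match file content"}
    if root is None:
        return {"accept": True, "reason": "not SVG; hand to the raster pipeline", "headers": {}}
    if findings := active_content(root):
        return {"accept": False, "reason": "active content: " + ", ".join(findings)}
    safe_name = re.sub(r"[^A-Za-z0-9._-]", "_", filename)  # no header injection via the name
    headers = {"Content-Type": "image/svg+xml", "X-Content-Type-Options": "nosniff",
               "Content-Disposition": f'attachment; filename="{safe_name}"',  # download, never render
               "Content-Security-Policy": "default-src 'none'; style-src 'unsafe-inline'"}
    return {"accept": True, "reason": "inert SVG", "headers": headers}
```

Rendering an SVG through an img tag does not run its script; the exposure is direct navigation to the stored file, which is exactly what step 4 of the reproduction relies on and what the attachment disposition removes.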
Method of Exploitation
Steps for Reproduction:
1- Go to the application by navigating to https://sulu.rocks/admin/#/ and proceed to log in using your email and password.
2- Proceed to click on the “Music” tab and navigate to the “Add Album” section.
3- Click on the “Select Media” button, upload an image containing an XSS payload, and complete the required fields. Then, click the “Confirm” button.
4- Right-click on the uploaded image and select “Open Image in New Tab,” as demonstrated in the proof of concept (PoC).
5- The script embedded in the uploaded image executes when the image is opened, confirming the XSS.
[Discoverer]
Nandini Sharma from eSec Forte Technologies Pvt. Ltd