Cross-site Scripting (XSS) - Stored in aces/loris
Aug 15th 2021
Cross-site scripting (also known as XSS) is a web security vulnerability that allows an attacker to compromise the interactions that users have with a vulnerable application. Cross-site scripting vulnerabilities normally allow an attacker to masquerade as a victim user, to carry out any actions that the user is able to perform, and to access any of the user's data. If the victim user has privileged access within the application, then the attacker might be able to gain full control over all of the application's functionality and data.
Proof of Concept
Please follow the steps below:
- Log in to the demo application (https://demo.loris.ca/)
- Create a new publication (Click on Reports -> Publications -> Propose a new project)
- Use the payload below as the publication title:
Title"}<img src=x onerror=alert(document.domain)>
- Browse to the following page: https://demo.loris.ca/publication/ajax/getData.php?action=getProjectData&id=2
- Please note that you might need to change the "id" value from "2" to the number corresponding to your publication.
If an administrator visits the affected endpoint, the attacker can perform any action on the administrator's behalf, allowing them to take full control of the vulnerable application and compromise all users and their data.
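The report's payload (`"}` followed by an HTML tag) indicates that the stored title is written into a hand-built JSON-like response that the browser ends up treating as HTML. The example below is added here to illustrate that class of defect and one way to harden such an endpoint; it is not LORIS code, and the function names, the `$project` array shape and the surrounding request handling are assumptions. The sample record is constructed and reuses the title from the report above.

```php
<?php
// Added illustration, not LORIS source. Function names and data shape are assumed.

// Constructed sample record: the title is the payload from the report.
$project = [
    'id'    => 2,
    'title' => 'Title"}<img src=x onerror=alert(document.domain)>',
];

// Vulnerable pattern (assumed): the stored title is concatenated into a
// hand-built JSON string and sent with PHP's default text/html Content-Type.
// The quote and brace in the title break out of the string, and because the
// browser parses the body as HTML, the <img> tag's onerror handler runs in
// the application's origin.
function renderProjectDataUnsafe(array $project): string
{
    return '{"id":' . $project['id'] . ',"title":"' . $project['title'] . '"}';
}

// Hardened version: let json_encode do the escaping, and encode the HTML
// metacharacters as \uXXXX so that even a mistyped or sniffed response
// contains no literal <, >, &, ' or " from user data.
function renderProjectDataSafe(array $project): string
{
    $flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;
    return json_encode($project, $flags | JSON_THROW_ON_ERROR);
}

// Declare the content type explicitly and forbid MIME sniffing, so a browser
// never renders the JSON body as a document.
function sendJson(string $body): void
{
    header('Content-Type: application/json; charset=utf-8');
    header('X-Content-Type-Options: nosniff');
    echo $body;
}

// Self-check usable from the CLI: the safe encoding must contain no raw
// angle brackets and must decode back to the original title unchanged.
function selfCheck(array $project): bool
{
    $safe    = renderProjectDataSafe($project);
    $decoded = json_decode($safe, true, 512, JSON_THROW_ON_ERROR);
    return strpos($safe, '<') === false
        && strpos($safe, '>') === false
        && $decoded['title'] === $project['title'];
}

if (PHP_SAPI === 'cli') {
    echo "unsafe: " . renderProjectDataUnsafe($project) . PHP_EOL;
    echo "safe:   " . renderProjectDataSafe($project) . PHP_EOL;
    echo "check:  " . (selfCheck($project) ? 'ok' : 'FAIL') . PHP_EOL;
} else {
    sendJson(renderProjectDataSafe($project));
}
```

Run it with `php example.php` to compare the two encodings; the safe output keeps the title intact for the consuming JavaScript but contains no characters the HTML parser could act on. Output encoding on the server is only half of the fix: any client code that places the title into the page must use a text-setting API (such as `textContent`) rather than `innerHTML`, and a Content-Security-Policy that disallows inline event handlers limits the impact if an escaping gap remains elsewhere.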