jordandelozier / wysibb

WYSIWYG BBcode editor
http://www.wysibb.com

xss - Reflected Cross Site Scripting issue #179

Open webhamm opened 7 years ago

webhamm commented 7 years ago

How to reproduce

  1. Navigate to the below URL. http://wysibb.com/demo/
  2. Click on “Insert image” button.
  3. Enter this below payload in input field and click on “Save” button. https://test.github.com/test/?"><iMg src=N onerror=alert(document.cookie)>.jpg
  4. Now again click on the “Save” button.
  5. Observe that an alert box is displayed in the browser which proves Reflected Cross Site Scripting.

webhamm commented 7 years ago

https://test.github.com/test/?"><iMg src=N onerror=alert(document.cookie)>.jpg

Q8hma commented 7 years ago

This is the code: .replace(/\&lt;/g,"<").replace(/\&gt;/g,">").replace(/\&#123;/g,"{").replace(/\&#125;/g,"}");

But where to put it :)

neuoy commented 7 years ago

To turn this into an actual XSS attack, you have to make the server accept and publish your BBCode; so I'm not sure where WysiBB is concerned by this issue. Isn't it the server-side parser + conversion to HTML that must be secure enough to detect such attacks? Unless you want to trick a user into copy/pasting your image link in the editor (but then you could also trick him into pasting JavaScript code in the browser console...)
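
The conversion step discussed in this thread, sketched as an added example that is not part of the thread or of WysiBB's code: whichever side turns an image URL into an `<img>` tag can allowlist the scheme and escape the attribute value. `escapeAttr` and `renderImg` are hypothetical helper names, and the sample inputs are constructed apart from the URL quoted in the report.

```javascript
// Added example, not WysiBB code. Helper names are hypothetical.
const ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Escape every character that could end or break out of a quoted HTML attribute.
function escapeAttr(value) {
  return String(value).replace(/[&<>"']/g, (ch) => ENTITIES[ch]);
}

// Build an <img> tag from a user-supplied URL; return null when the URL is rejected.
function renderImg(rawUrl) {
  let parsed;
  try {
    parsed = new URL(String(rawUrl).trim()); // throws on anything that is not an absolute URL
  } catch (e) {
    return null;
  }
  // Scheme allowlist: only http(s) images are accepted.
  if (parsed.protocol !== 'http:' && parsed.protocol !== 'https:') {
    return null;
  }
  // Use the parser's serialized form and escape it anyway, so the output
  // does not depend on how the URL parser percent-encodes the input.
  return '<img src="' + escapeAttr(parsed.href) + '" alt="">';
}

// Sample inputs: the first is the URL from the report, the rest are constructed.
const samples = [
  'https://test.github.com/test/?"><iMg src=N onerror=alert(document.cookie)>.jpg',
  'https://example.com/a.jpg',
  'ftp://example.invalid/a.jpg',
  'not a url',
];
for (const s of samples) {
  console.log(JSON.stringify(s), '->', renderImg(s));
}
```

With this in place the reported URL stays inside the `src` attribute as inert text instead of closing the attribute and opening a second tag.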