CVE-2024-40492: Stored XSS to ATO

Last updated 10 months ago

Description

Stored Cross-Site Scripting (XSS) occurs when an attacker injects a malicious script into a web application and the application persists it on the server (here, in a user's profile name). Whenever another user's browser renders the stored data without proper encoding, the script executes in that user's session, with that user's cookies and privileges.

Step to reproduce

  1. Go to

  2. Create an account with the following name fields.

     First name (payload):

     giongfnef"><h1>test</h1>"><img src=1 onerror=alert(document.cookie)>

     Last name (payload):

     giongfnef"><img src=1 onerror=alert(document.cookie)>

  3. Go to "Threads" and search for that first name (giongfnef). The XSS fires in the browser of whoever performs the search. The leading "> of each payload closes the attribute and tag the name is rendered into, so the injected <h1> and <img onerror=...> become real elements. Because the payload is saved in the profile, this is a stored XSS, and it can lead to Account Take Over.
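The following is an added example, not code from the original writeup or from the affected application. It models a profile card that interpolates the name into markup, shows why the payloads above escape a double-quoted attribute, and places the context-aware encoding next to it. The template shape (a div with the name in a data attribute, echoed again as text) is an assumption, not the real application's template.

```javascript
// Added example, not code from the original writeup or from the affected
// application: a small profile-card renderer that shows why the writeup's
// payload escapes an HTML attribute, next to the output encoding that stops it.
// The markup (a div with the name in a data attribute, echoed again as text)
// is an assumed template, not the real application's.

// Payloads exactly as given in the writeup.
const FIRST_NAME = 'giongfnef"><h1>test</h1>"><img src=1 onerror=alert(document.cookie)>';
const LAST_NAME = 'giongfnef"><img src=1 onerror=alert(document.cookie)>';

// Vulnerable: the user-controlled name is concatenated straight into markup.
// The leading `">` in the payload closes the data-name attribute and the
// opening tag, so <h1> and <img onerror=...> become real elements.
function renderCardVulnerable(user) {
  const full = `${user.first} ${user.last}`;
  return `<div class="user" data-name="${full}"><span>${full}</span></div>`;
}

// HTML-encode the characters that can change structure in text and
// double-quoted attribute contexts (the "output encoding" mitigation).
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Hardened: identical template, every interpolation encoded before insertion.
function renderCardSafe(user) {
  const full = escapeHtml(`${user.first} ${user.last}`);
  return `<div class="user" data-name="${full}"><span>${full}</span></div>`;
}

// Test helper for this example only (not a sanitizer or XSS detector):
// list the element names that appear as real tags in the markup.
function tagNames(html) {
  const names = [];
  const re = /<\/?([a-z][a-z0-9]*)\b/gi;
  let m;
  while ((m = re.exec(html)) !== null) names.push(m[1].toLowerCase());
  return names;
}

// Tags the template never emits; any hit means user input became markup.
function injectedTags(html) {
  const templateTags = new Set(['div', 'span']);
  return tagNames(html).filter((t) => !templateTags.has(t));
}

const user = { first: FIRST_NAME, last: LAST_NAME };
console.log('vulnerable injected tags:', injectedTags(renderCardVulnerable(user)));
console.log('hardened injected tags:  ', injectedTags(renderCardSafe(user)));
```

The encoded version still shows the literal text giongfnef"><img ...> to the viewer, which is what a name field should do; only the vulnerable version turns it into elements that the browser executes.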

#POC

Impact

Once the XSS fires, an attacker can proceed to Account Take Over. Because the payload is stored in the profile, any user who views the user section or searches for the user giongfnef executes it in their own browser and can have their session stolen. The proof-of-concept reads document.cookie; a session cookie readable that way was set without the HttpOnly flag, so replacing the alert() with a request that sends the cookie to an attacker-controlled host is all that separates the pop-up from an account takeover.

Mitigation

To prevent stored XSS of this kind:

  • Input Validation: validate user input on the server side (length and allowed characters for a name field) and reject what does not fit. This narrows the attack surface but is not sufficient on its own, since a name may legitimately contain characters such as ' or <.

  • Output Encoding: encode user data for the context in which it is rendered (HTML text, HTML attribute, JavaScript, URL) at the point of output. The "> prefix of the payload above shows the name landing inside a double-quoted attribute with neither " nor < encoded.

  • Use Security Libraries: use a templating engine or framework that escapes by default, and avoid the raw/unescaped output helpers that bypass it.

  • Content Security Policy (CSP): deploy a CSP that restricts script sources and does not grant 'unsafe-inline' in script-src, so inline event handlers such as onerror= do not execute even when markup is injected.

  • Session cookies: set the HttpOnly flag so document.cookie cannot read the session token. This blocks the exact exfiltration shown above but does not stop injected script from acting on the user's behalf from inside the page, so it is defence in depth, not a fix.
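The following is an added example, not code from the original writeup or from the affected application. It covers the two header-level points raised in the Impact and Mitigation sections: which cookies document.cookie can actually read, and whether a given Content-Security-Policy still lets an injected onerror= handler run. The Set-Cookie and CSP values are constructed for the example, not captured from the real application.

```javascript
// Added example, not code from the original writeup or from the affected
// application: two response-header checks that go with the impact and
// mitigation sections. The header values below are constructed for the
// example, not captured from the real application.

// Names of cookies that document.cookie would expose to script: every cookie
// set without the HttpOnly attribute. The writeup's payload reads
// document.cookie, so a session cookie it can steal must lack this flag.
function cookiesReadableByScript(setCookieHeaders) {
  return setCookieHeaders
    .map((header) => header.split(';').map((part) => part.trim()))
    .filter((parts) => !parts.slice(1).some((attr) => attr.toLowerCase() === 'httponly'))
    .map((parts) => parts[0].split('=')[0]);
}

// Does this Content-Security-Policy permit inline event handlers such as
// onerror=...? The governing directive is script-src-attr, then script-src,
// then default-src. Inline handlers run only when that directive carries
// 'unsafe-inline' (which browsers ignore once a nonce or hash is present) or
// 'unsafe-hashes' (which allowlists specific handlers by hash).
function cspAllowsInlineHandlers(csp) {
  const directives = new Map();
  for (const directive of csp.split(';')) {
    const [name, ...values] = directive.trim().split(/\s+/);
    if (name) directives.set(name.toLowerCase(), values.map((v) => v.toLowerCase()));
  }
  const src = directives.get('script-src-attr')
    || directives.get('script-src')
    || directives.get('default-src');
  if (!src) return true; // no script restriction at all
  if (src.includes("'unsafe-hashes'")) return true;
  const hasNonceOrHash = src.some((v) => /^'(nonce-|sha(256|384|512)-)/.test(v));
  return src.includes("'unsafe-inline'") && !hasNonceOrHash;
}

// Constructed sample headers: before and after the fix.
const WEAK_COOKIES = ['session=abc123; Path=/; Secure', 'theme=dark; Path=/'];
const FIXED_COOKIES = ['session=abc123; Path=/; Secure; HttpOnly; SameSite=Lax', 'theme=dark; Path=/'];
const WEAK_CSP = "default-src 'self'; script-src 'self' 'unsafe-inline'";
const FIXED_CSP = "default-src 'self'; script-src 'self' 'nonce-r4nd0m'";

console.log('readable before fix:', cookiesReadableByScript(WEAK_COOKIES));
console.log('readable after fix: ', cookiesReadableByScript(FIXED_COOKIES));
console.log('inline handlers allowed before fix:', cspAllowsInlineHandlers(WEAK_CSP));
console.log('inline handlers allowed after fix: ', cspAllowsInlineHandlers(FIXED_CSP));
```

Neither check replaces output encoding: a CSP without 'unsafe-inline' stops the onerror= handler in the writeup, and HttpOnly hides the session cookie from it, but the injected markup is still on the page and a different payload shape can still abuse it.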

Thanks for reading, have a nice day

https://app.heartbeat.chat/