CVE-2024-40492: Stored XSS to ATO
Note : A JOURNEY TO GAIN KNOWLEDGE
Description
Stored Cross-Site Scripting (XSS) is a type of security vulnerability typically found in web applications. It occurs when an attacker is able to inject malicious scripts into a web application, and those scripts are stored on the server. When other users access the data containing the malicious script, the script is executed in their browsers.
Step to reproduce
Create an account with name:
First name is payload
giongfnef"><h1>test</h1>"><img src=1 onerror=alert(document.cookie)>Lastet name is
giongfnef"><img src=1 onerror=alert(document.cookie)>
Go to "Threads" then search for that first name like giongfnef -> XSS is triager -> this is stored XSS which can lead to Account Take Over
#POC
Impact
After triggering the XSS, I can proceed with an Account Take Over. Since this is a stored XSS, any user who views the user section or searches for the user giongfnef will trigger the XSS and have their session stolen.
Mitigation
To prevent stored XSS vulnerabilities, follow these best practices:
Input Validation: Validate and sanitize all user inputs on the server-side.
Output Encoding: Encode data before displaying it in the browser to prevent execution of injected scripts.
Use Security Libraries: Use libraries and frameworks that automatically handle input sanitization and output encoding.
Content Security Policy (CSP): Implement CSP headers to restrict the sources from which scripts can be loaded.
Last updated