[SELF-XSS] (via svg file upload) #69
Labels
Comments
|
Hello security-provensec. Please check #57, both of the vulnerabilities you've reported are self attacks which we have already disclosed as self attacks, one of which has been already disputed with Mitre. Closing issue, please feel to comment to keep the discussion going. |
robiso
changed the title
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Affected software: WonderCMS-2.5.2
Type of vulnerability: XSS (via SVG file upload)
URL: : https://www.wondercms.com
Discovered by: Breachlock
Website: https://www.breachlock.com
Author: Balvinder Singh
Description: I would like to report an XSS (via SVG file upload) Vulnerability that I found on wondercms-2.5.2
Description: SVG files can contain Javascript in <script> tags. Browsers are smart enough to ignore scripts embedded in SVG files included via IMG tags. However, a direct request for an SVG file will result in the scripts being executed.
So an embedded SVG as an attachment in an issue or avatar does not execute the code, but if a user clicks on the attachment the code will execute.
Proof of concept:
Step1: Login to the wondercms.
Step2: In the file, section choose file upload and upload a malicious SVG file.
Step3: Now open that file which was saved as 1.svg the below output will be shown.
Vulnerable URL:http://localhost/WonderCMS-2.5.2/wondercms/files/1.svg
The text was updated successfully, but these errors were encountered: