Stored XSS [doi.gov/iacb/indian-arts-and-crafts-board-potential-violation-report]

Disclosed by
Xml_
Summary by Xml_

Stored XSS vulnerability found by Xml_ on https://www.doi.gov/iacb/indian-arts-and-crafts-board-potential-violation-report

Report details
  • Submitted

  • Target Location
    *.doi.gov
  • Target category
    Web App
  • VRT
    Cross-Site Scripting (XSS) > Reflected > Non-Self
  • Priority
    P3
  • Bug URL
    https://www.doi.gov/iacb/indian-arts-and-crafts-board-potential-violation-report
  • Description

    Cross-site scripting (abbreviated as XSS) is a type of security vulnerability in websites that allows content to be injected into a page, thus triggering actions in the web browsers of visitors to that page. The possibilities of XSS are very wide, since the attacker can use all the languages supported by the browser (JavaScript, Java ...), and new possibilities are regularly discovered, in particular with the arrival of new technologies like HTML5. For example, it is possible to redirect to another site for hooking, or to steal the session by recovering cookies.

    PoC

    1) Go to https://www.doi.gov/iacb/indian-arts-and-crafts-board-potential-violation-report and complete the form, adding the escape characters `">` (see attached).

    2) Continue to fill in the information until you reach the submit button.

    3) You will be redirected to a URL like https://www.doi.gov/node/18293/done?sid=695860&token=8e2903968f51f4ac026a67d47a980429 and, if you inspect the page, the injected JavaScript is executed.

  • Extra info

    Risk

    If an attacker can control a script that is executed in the victim's browser, then they can typically fully compromise that user. The attacker can carry out any of the actions that are applicable to the impact of reflected XSS vulnerabilities.

    In terms of exploitability, the key difference between reflected and stored XSS is that a stored XSS vulnerability enables attacks that are self-contained within the application itself. The attacker does not need to find an external way of inducing other users to make a particular request containing their exploit. Rather, the attacker places their exploit into the application itself and simply waits for users to encounter it.

    The self-contained nature of stored cross-site scripting exploits is particularly relevant in situations where an XSS vulnerability only affects users who are currently logged in to the application. If the XSS is reflected, then the attack must be fortuitously timed: a user who is induced to make the attacker's request at a time when they are not logged in will not be compromised. In contrast, if the XSS is stored, then the user is guaranteed to be logged in at the time they encounter the exploit.
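The root cause in the PoC above is a stored form value being written into an HTML attribute without encoding, so a `">` in the value closes the attribute and the tag. The following is an added illustration, not code from the report or from doi.gov: it renders a constructed submission both the vulnerable way and with proper attribute encoding, and uses an HTML parser to check whether an injected element appears as a separate tag. Field names, the submission contents and the `<input>` template are assumptions.

```python
import html
from collections import Counter
from html.parser import HTMLParser

# Constructed sample submission (not from the report): the "name" field
# carries the '">' sequence from the PoC, followed by a script element.
SAMPLE_SUBMISSION = {
    "name": 'Jane Doe"><script>alert(1)</script>',
    "message": "Possible violation at the craft fair",
}


def render_unsafe(submission: dict) -> str:
    """Vulnerable pattern: stored values are concatenated straight into HTML,
    so a '">' inside the value terminates the attribute and the tag."""
    return "".join(f'<input name="{k}" value="{v}">' for k, v in submission.items())


def render_safe(submission: dict) -> str:
    """Hardened pattern: every value is entity-encoded, quotes included,
    before it lands inside an attribute, so '">' stays literal text."""
    def esc(s: str) -> str:
        return html.escape(s, quote=True)
    return "".join(f'<input name="{esc(k)}" value="{esc(v)}">' for k, v in submission.items())


class _TagCounter(HTMLParser):
    """Counts the start tags a browser-like parser sees in the markup."""
    def __init__(self) -> None:
        super().__init__()
        self.tags: Counter = Counter()

    def handle_starttag(self, tag, attrs) -> None:
        self.tags[tag] += 1


def count_tags(markup: str) -> Counter:
    """Review check: an injected element shows up as an extra tag name."""
    parser = _TagCounter()
    parser.feed(markup)
    parser.close()
    return parser.tags


if __name__ == "__main__":
    for label, render in (("unsafe", render_unsafe), ("safe", render_safe)):
        print(label, dict(count_tags(render(SAMPLE_SUBMISSION))))
```

Running it shows the unsafe rendering yields two `input` tags plus a `script` tag, while the safe rendering yields only the two `input` tags with the payload preserved as inert text.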
