PDF XSS in admin/upload.php #1320
Comments
Is this a Google Chrome PDF reader exploit?
What's wrong with this? JS is used in PDF as a part of form fill-out on web sites. You'll need to upload the PDF into the admin site, which would be a security issue.
It seems to be a browser exploit, right? How can we mitigate that?
There is no need for it. I don't think it's necessary to do anything, an alert message isn't XSS yet.
Specify the content-type of the response, so that users can download and parse the PDF type file locally when browsing.
Inserting the specified code can also obtain sensitive information such as cookies.
Well, and how do you get the PDF on the server if you don't have administrator privileges?
After we create users, we upload malicious PDF files. The XSS can be triggered by recording the path of the PDF file and enticing the administrator or other users to access it.
content type is a server config, not much we can do about it in GS
hehe really dumb
It can be implemented by code (example: https://www.helplib.com/Web_Development/article_4821)
lol? I also play lol .game
You'll need to upload the PDF on the server, which would be a security issue. It's not an exploit.
Yeah but implementing an entire downloader file service and wrapping all downloads in code... Would probably add 3 more vectors, path traversal, injection etc.. meh. We have white/black lists for uploads, and people can secure their server through the proper means for downloads.
I guess we could suggest or provide something for htaccess.. but not everyone runs apache
Yeah, custom upload restrictions may be the best option at the moment. It's a single-admin CMS (by default). And if a malicious user would get access to the admin, then we would probably have bigger problems than just XSS.
I will leave the discussion label on here for now, if anyone had ideas let me know. If not I will wontfix it
Version: 3.4.0
Payload: app.alert('xss');
Insert XSS malicious code in the PDF with a PDF editor.
Access the file upload function of GetSimpleCMS, upload a malicious PDF, and get the uploaded file path in the response package.
Using google browser to access the path of the uploaded malicious PDF file will trigger the XSS, which must be accessed by google browser.
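
As an added example (not code from GetSimpleCMS or from anyone in this thread), one form the custom upload restriction discussed above could take is a content check that rejects PDFs carrying script or auto-run actions. It inflates only Flate-compressed streams, so encrypted files or other stream filters would need a full PDF parser; the function names and the sample bytes are constructed for illustration.

```python
import re
import zlib

# PDF name tokens that attach scripts or auto-run actions to a document.
ACTIVE_NAMES = (b"/JavaScript", b"/JS", b"/OpenAction", b"/AA", b"/Launch")

_HEX_ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")
_STREAM = re.compile(rb"stream\r?\n(.*?)endstream", re.DOTALL)


def _decode_names(data: bytes) -> bytes:
    """Undo #xx escapes in PDF names, so '/J#53' is read as '/JS'."""
    return _HEX_ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), data)


def _inflated_streams(data: bytes):
    """Yield the contents of Flate-compressed streams (e.g. object streams)."""
    for match in _STREAM.finditer(data):
        try:
            yield zlib.decompressobj().decompress(match.group(1))
        except zlib.error:
            continue  # not Flate data; other filters are out of scope here


def find_active_content(data: bytes) -> list[str]:
    """Return the active-content names present in a PDF, sorted."""
    found = set()
    for chunk in (data, *_inflated_streams(data)):
        text = _decode_names(chunk)
        for name in ACTIVE_NAMES:
            # The name must end here, so /JS does not match /JSomething.
            if re.search(re.escape(name) + rb"(?![A-Za-z0-9])", text):
                found.add(name.decode())
    return sorted(found)


def upload_allowed(data: bytes) -> bool:
    """Accept only files with a PDF header and no active-content names."""
    return b"%PDF-" in data[:1024] and not find_active_content(data)


# Constructed sample carrying the payload quoted in the report.
SAMPLE = (b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /OpenAction 2 0 R >>\nendobj\n"
          b"2 0 obj\n<< /S /JavaScript /J#53 (app.alert('xss');) >>\nendobj\n")

if __name__ == "__main__":
    print(find_active_content(SAMPLE), upload_allowed(SAMPLE))
```

A check like this complements, and does not replace, serving uploaded files as downloads, which the thread treats as a server configuration matter.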