Security Vulnerability: 19 Stored XSS Attack Paths Revealed #30

Open
Description

@lyf1290

Dear Maintainers,

I hope this message finds you well. First and foremost, thank you for your hard work and dedication to maintaining this valuable project. I am reaching out to share some findings from a recent static code analysis we conducted on your application.

We discovered 19 instances of Stored Cross-Site Scripting (XSS) Attack Paths that might require your attention. Stored XSS vulnerabilities can present significant risks, as they allow attackers to inject malicious scripts that are stored on your server and later executed in other users’ browsers. Potential threats include user account compromise, cookie theft, redirection to malicious websites, session hijacking, and even keystroke logging.

To assist with addressing these vulnerabilities, we have provided a video demonstration for each vulnerability. Additionally, we have provided detailed reproduction steps for each vulnerability (you can follow the steps in the reproduction document and use the provided reproduction scripts to quickly replicate these vulnerabilities).

Reproduction Document: JavaQuarkBBS.pdf

Reproduction Scripts: JavaQuarkBBS.zip

Your response is incredibly important to our research, and I hope you will find the time to review and confirm these issues. Thank you again for your commitment to this project and your attention to this important matter. I look forward to your thoughts.

Below, we use the start and end APIs of the XSS attack path as the vulnerability ID.

1.
ReplyController.CreateReply(…) → PostsController.GetPostsDetail(…)
xss1.mp4

2-7.
UserController.checkUserName(...) → PostsController.GetPosts (...)
UserController.checkUserName(...) → PostsController.getNewUser(...)
UserController.checkUserName(...) → PostsController.GetPostsDetail(...)
UserController.checkUserName(...) → UserController.getUserById(…)
UserController.checkUserName(...) → PostsController.GetPostsByLabel(…)
UserController.checkUserName(...) → NotificationController.getAllNotification(…)

xss2-7.mp4

8-13.
UserController.updateUser(...) → PostsController.GetPosts (...)
UserController.updateUser(...) → PostsController.getNewUser(...)
UserController.updateUser(...) → PostsController.GetPostsDetail(...)
UserController.updateUser(...) → UserController.getUserById(…)
UserController.updateUser(...) → PostsController.GetPostsByLabel(…)
UserController.updateUser(...) → NotificationController.getAllNotification(…)

xss8-13.mp4

14-19.
PostsController.CreatePosts(...) → PostsController.GetPosts (...)
PostsController.CreatePosts(...) → RankController.getTotPosts(...)
PostsController.CreatePosts(...) → PostsController.GetPostsDetail(...)
PostsController.CreatePosts(...) → UserController.getUserById(…)
PostsController.CreatePosts(...) → PostsController.GetPostsByLabel(…)
PostsController.CreatePosts(...) → NotificationController.getAllNotification(…)

xss14-19.mp4
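Every path listed above has the same shape: a write endpoint (CreateReply, checkUserName/updateUser, CreatePosts) persists a field verbatim, and a read endpoint later interpolates that field into HTML. The example below is added by the editor and is not JavaQuarkBBS code; it uses a constructed in-memory store and hypothetical function names (create_reply, get_posts_detail, injected_markup) to show the source-to-sink flow, the vulnerable rendering beside the fixed rendering, and a check that confirms the stored payload no longer produces tags or event handlers in the output.

```python
# Added example, not JavaQuarkBBS code: a minimal store-then-render flow with the
# same source -> sink shape as the reported attack paths, and the fix applied at
# the rendering sink. All names and data here are constructed for illustration.
import html
from html.parser import HTMLParser

# Constructed in-memory "table" standing in for the BBS reply storage.
_REPLIES: dict[int, list[dict]] = {}

# Constructed payloads representative of stored-XSS probes in the two fields
# that the reported paths write (reply/post body, and username).
BODY_PAYLOAD = '<img src=x onerror="alert(document.cookie)">'
USER_PAYLOAD = "bob<script>alert(1)</script>"

# Tags the template itself emits; anything else in the output was injected.
TEMPLATE_TAGS = {"div", "b"}


def create_reply(post_id: int, username: str, content: str) -> None:
    """Source: a write endpoint that stores untrusted input verbatim."""
    _REPLIES.setdefault(post_id, []).append({"user": username, "content": content})


def render_reply_vulnerable(reply: dict) -> str:
    """Sink (vulnerable): stored fields interpolated straight into HTML."""
    return f'<div class="reply"><b>{reply["user"]}</b>: {reply["content"]}</div>'


def render_reply_fixed(reply: dict) -> str:
    """Sink (fixed): every stored field is HTML-encoded at output time.

    quote=True also encodes ' and ", so the same helper stays safe when the
    value lands inside a quoted attribute rather than element content.
    """
    user = html.escape(reply["user"], quote=True)
    content = html.escape(reply["content"], quote=True)
    return f'<div class="reply"><b>{user}</b>: {content}</div>'


def get_posts_detail(post_id: int, fixed: bool) -> str:
    """Read endpoint: concatenates the rendered replies for one post."""
    render = render_reply_fixed if fixed else render_reply_vulnerable
    return "\n".join(render(r) for r in _REPLIES.get(post_id, []))


class _TagCollector(HTMLParser):
    """Collects start tags and on* attribute names from rendered HTML."""

    def __init__(self) -> None:
        super().__init__()
        self.tags: list[str] = []
        self.handlers: list[str] = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        self.handlers.extend(name for name, _ in attrs if name.startswith("on"))


def injected_markup(rendered: str) -> tuple[set[str], list[str]]:
    """Returns (tags not emitted by the template, event-handler attributes).

    Both are empty when the output is free of attacker-controlled markup.
    """
    parser = _TagCollector()
    parser.feed(rendered)
    return ({t for t in parser.tags if t not in TEMPLATE_TAGS}, parser.handlers)


def demo() -> dict:
    """Stores both payloads, renders through both sinks, and reports the result."""
    _REPLIES.clear()
    create_reply(1, "alice", BODY_PAYLOAD)
    create_reply(1, USER_PAYLOAD, "hello")
    vulnerable = get_posts_detail(1, fixed=False)
    fixed = get_posts_detail(1, fixed=True)
    return {
        "vulnerable_injected": injected_markup(vulnerable),
        "fixed_injected": injected_markup(fixed),
        "fixed_html": fixed,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The check in injected_markup is deliberately output-side: the fix is to encode at the sink for the HTML context the value is rendered into, not to filter at the write endpoint, because the same stored field reaches six different read endpoints in the paths above. In a Spring application the equivalent is to let the template engine escape by default (for Thymeleaf, th:text rather than th:utext) or to apply a library encoder such as OWASP Java Encoder before concatenating into markup.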
