CVE-2022-3123 Cross-site Scripting (XSS) - Reflected in GitHub repository splitbrain/dokuwiki prior to 2022-07-31a
XSS is a class of web application vulnerabilities in which attacker-supplied code executes in the context of a user's session, either through a direct input validation flaw or by manipulating a user's input while the application is processing it. XSS vulnerabilities are often exploited in web applications that process user-submitted content, such as web forums, comment fields on web pages, or forms. The potential impact of XSS varies greatly depending on the context in which the attack occurs. In the context of a user submitting a comment via a web forum, for example, the impact can be quite serious: an attacker can send a comment to a blog post with malicious content, and the blog will display the comment as if it were written by the intended recipient.
Critical XSS vulnerabilities can be quite serious. In the context of a company selling software, for example, a critical XSS vulnerability could be used by an attacker to send a vendor password directly to the vendor, or to deliver a custom package that locks the vendor's system or exfiltrates data. Critical XSS vulnerabilities are equally serious for users. An attacker can craft an email that places a critical XSS payload in the content field of an email form, and the email will execute code when the user clicks the "send" button. XSS can occur at the application level too, and be just as serious. An attacker can craft a website that hosts an application with XSS, and the application will execute malicious
Example XSS Attack
In order to show the potential impact of XSS, consider the following example.
An attacker crafts a website that hosts an application with an XSS vulnerability. The application executes malicious code when it submits data to the server. When a user visits this website and enters their email address in the text field of the form, they will be able to send spam emails, because they entered their email address instead of their own password into the text field.
What is XSS?
XSS is a type of injection vulnerability that can occur in web applications. It occurs when an attacker is able to inject code into a browser via the user's input. The injection might happen when an application does not properly validate input from a user, or it might exploit a weakness in the application's design. The impact of XSS depends on the context in which it occurs. In the context of a user submitting a comment via a blog post, for example, the impact can be quite serious: an attacker can send malicious content to the blog, and the blog will display it as if it were written by the intended recipient.
The issue with XSS is that even though there are different types of attacks and vulnerabilities that fall under this umbrella term, they are often misconstrued as being one and the same attack or vulnerability. For example, say you have an application that displays some kind of form with text fields on it, a form where you ask your users to enter their email address to receive updates about your product line. Your app has an XSS vulnerability because it doesn't validate any text entered into these fields before displaying them to users on your page; it just renders everything without filtering anything out. What happens next? Users submit valid emails as part of this process, your app still thinks those emails are valid when they're actually not, and so you'll get legitimate emails from interested people who happen to have this particular bug,
What is HTML scraping?
An HTML scraper is a program that automates the extraction of structured data from web pages: text, links, images, and more. The output of an HTML scraper can be used for a variety of purposes, such as extracting all the information from a web page to create a local copy, or parsing it for keywords in order to search the page.
HTML scraping is useful for many different purposes including:
- Extracting content from webpages without having to read every word on the page
- Searching through huge amounts of websites quickly (such as large archives)
- Parsing tables of contents and index pages
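As an added illustration of the scraping just described (this is example code, not part of the advisory or of DokuWiki), the following standard-library parser pulls links, image sources and the visible text out of a page, skipping script and style bodies, and then uses the text for a keyword search. The sample page is constructed inline.

```python
"""Minimal HTML scraper built on html.parser (added example, not DokuWiki code).

Extracts links, image sources and visible text from a page, then uses the
text for keyword search. SAMPLE_PAGE is a constructed document, not fetched.
"""
from html.parser import HTMLParser


class PageScraper(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links = []
        self.images = []
        self.text_chunks = []
        self._skip_depth = 0  # >0 while inside <script>/<style>, which is not visible text

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "a" and attrs.get("href"):
            self.links.append(attrs["href"])
        elif tag == "img" and attrs.get("src"):
            self.images.append(attrs["src"])
        elif tag in ("script", "style"):
            self._skip_depth += 1

    def handle_endtag(self, tag):
        if tag in ("script", "style") and self._skip_depth:
            self._skip_depth -= 1

    def handle_data(self, data):
        # Collapse runs of whitespace and drop chunks that are only layout.
        if self._skip_depth == 0:
            chunk = " ".join(data.split())
            if chunk:
                self.text_chunks.append(chunk)


def scrape(html_doc: str) -> dict:
    """Return links, image sources and the visible text of one HTML document."""
    parser = PageScraper()
    parser.feed(html_doc)
    parser.close()
    return {
        "links": parser.links,
        "images": parser.images,
        "text": " ".join(parser.text_chunks),
    }


def find_keyword(html_doc: str, keyword: str) -> bool:
    """Case-insensitive search of the page's visible text (not its markup)."""
    return keyword.lower() in scrape(html_doc)["text"].lower()


# Constructed sample page for the example.
SAMPLE_PAGE = """<html><head><title>Release notes</title>
<style>h1 { color: red }</style></head>
<body><h1>DokuWiki 2022-07-31a</h1>
<p>See the <a href="/changes">change log</a> and the
<a href="https://www.dokuwiki.org/">project site</a>.</p>
<img src="/logo.png" alt="logo">
<script>var x = 1;</script>
<table><tr><td>Index</td><td>Page 1</td></tr></table>
</body></html>"""

if __name__ == "__main__":
    result = scrape(SAMPLE_PAGE)
    print(result["links"], result["images"])
    print(result["text"])
```

Because the parser collects only handle_data text outside script and style elements, a keyword search over the result matches what a reader would see on the page rather than stylesheet rules or inline JavaScript.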
How do you recognize an XSS vulnerability?
So, how do you recognize an XSS vulnerability? One way is to look at the URL. If it starts with a scheme that is not considered safe (like http), then the site may have an XSS vulnerability. Another way is to look for functions that are called with malicious input. For example, if you see
What do we need to build an effective XSS Prevention System?
To build an effective XSS prevention system, we need to know what the general purpose of the application is. This determines which key areas within the application need to be protected and which specific attacks must be handled.
The following are general purposes of an application and key areas that should be protected:
- Web applications: Protecting against cross-site scripting attacks is a critical part of web application development as it can allow attackers to compromise systems, steal data or modify information.
- Databases and file storage: These applications often contain sensitive information about company operations and products, so protection against SQL injection is critical.
- Web servers: Server-side includes (SSIs) are prone to exploitation because they allow attackers to load code into a web page in order to bypass security controls.
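The reflected case described in the "What is XSS?" section, where a request parameter is rendered straight back into the page without validation, is the pattern the prevention measures above are meant to stop. As an added example (not the advisory's or DokuWiki's code; the render functions, the `q` parameter and the sample request are constructed here), the unsafe reflection is shown next to the hardened form, which HTML-escapes the value before placing it in element and attribute context, together with a check a test suite can run.

```python
"""Reflected XSS: an unsafe reflection beside its hardened form.

Added example, not DokuWiki code. The functions, the `q` parameter and the
sample request below are constructed for illustration.
"""
import html
from urllib.parse import parse_qs, quote, urlsplit


def render_search_page_unsafe(query: str) -> str:
    # Vulnerable: the user-controlled value is concatenated straight into the
    # HTML, so any markup in the parameter becomes markup in the page.
    return f"<h1>Results for {query}</h1>"


def render_search_page_safe(query: str) -> str:
    # Hardened: html.escape turns <, >, &, " and ' into entities, so the value
    # is shown as text both in the element body and inside the quoted attribute.
    safe = html.escape(query, quote=True)
    return (
        f"<h1>Results for {safe}</h1>\n"
        f'<input type="text" name="q" value="{safe}">'
    )


def query_from_url(url: str) -> str:
    # Extract the `q` parameter the way a reflected input reaches the handler.
    return parse_qs(urlsplit(url).query).get("q", [""])[0]


def reflects_raw_markup(page: str, query: str) -> bool:
    # Test-suite check: does a tag from the input survive verbatim in the output?
    return "<" in query and query in page


# Constructed sample: a harmless script canary instead of a search term.
SAMPLE_INPUT = "<script>alert('xss')</script>"
SAMPLE_URL = "https://wiki.example.test/doku.php?q=" + quote(SAMPLE_INPUT)

if __name__ == "__main__":
    q = query_from_url(SAMPLE_URL)
    print("unsafe:", render_search_page_unsafe(q))
    print("safe:  ", render_search_page_safe(q))
```

Escaping at output time is the check that matters here: validating the input on the way in is not enough, because the same value may be rendered in several contexts, and the hardened version works regardless of what the parameter contains.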
Timeline
Published on: 09/05/2022 10:15:00 UTC
Last modified on: 09/29/2022 15:48:00 UTC
References
- https://github.com/splitbrain/dokuwiki/commit/63e9a247c072008a031f9db39fa496f6aca489b6
- https://huntr.dev/bounties/d72a979b-57db-4201-9500-66b49a5c1345
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LLNV7GYZPGLIKBLISVQUREQXE3WHI5R2/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XIWZXLDU7SUS2FANXQRCHJY3F3SWT27E/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PZQTVHRBEVMSKQESNFLU7MAUAB3R3PG2/
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3123