Stored XSS Vulnerability in SIGA Application with POC

Vulnerability Overview Vulnerability Type: Stored Cross-Site Scripting (Stored XSS) Vulnerability Location: "Cadastro de Responsáveis" (Responsible Party Registration) feature of the SIGA application Vulnerability Description: - User input in the "Nome" (Name) and "Descrição" (Description) fields is not properly encoded or filtered, allowing malicious JavaScript code to be injected and stored in the database. - When other users access pages containing this malicious code, it executes automatically in their browsers, potentially leading to session theft, arbitrary actions, and other malicious activities. Impact Scope Affected Users: All users of the SIGA application, particularly those who can access the "Cadastro de Responsáveis" feature and view pages containing malicious code. Potential Risks: - Session Hijacking: Attackers can obtain users' session cookies by executing malicious code, allowing them to impersonate users and perform actions. - Data Leakage: Attackers can access and steal sensitive information stored within the session. - Privilege Escalation: If the victim user has elevated privileges, attackers can exploit these permissions to perform more dangerous operations. Remediation Input Validation: Strictly validate all user inputs to ensure only expected data types and formats are accepted. Output Encoding: Properly encode user input (e.g., using HTML entity encoding) before rendering it in HTML pages to prevent the execution of malicious code. Content Security Policy (CSP): Implement a Content Security Policy to restrict the sources of scripts that can be executed on the page, thereby reducing the risk of XSS attacks. Filtering and Escaping: Filter and escape input content, especially special characters and HTML tags. POC Code Detailed Steps 1. Access Vulnerable Feature: - The attacker navigates to the page. 2. Insert Payload: - Insert the POC code above into the "Nome" or "Descrição" field. 3. Persist Payload: - Submit the form; the malicious code will be stored in the database. 4. Execute Payload: - When another user accesses the page, the malicious code will be executed. 5. Confirm Execution: - The execution result will display a popup containing the user's session cookie, confirming the existence of the vulnerability. Impact Summary Stored XSS: Malicious code is stored in the database and executes every time the related page is accessed. Contextual Execution: The code executes within the user's session context, inheriting the user's permissions. Sensitive Data Exposure: May lead to the leakage of session cookies and other sensitive information. Foundation for Advanced Attacks: Provides a starting point for more complex attacks, such as privilege escalation and data manipulation.

Goal Reached Thanks to every supporter — we hit 100%!

Stored XSS Vulnerability in SIGA Application with POC

More from this source