This repository was archived by the owner on Mar 19, 2025. It is now read-only.

Security Vulnerability: 2 Horizontal Broken Access Control Vulnerabilities and 6 Stored XSS Vulnerabilities Revealed #42

Open
lyf1290 opened this issue Mar 9, 2025 · 0 comments


lyf1290 commented Mar 9, 2025

Dear Maintainers,

I hope this message finds you well. First and foremost, thank you for your hard work and dedication to maintaining this valuable project. I am reaching out to share some findings from a recent static code analysis we conducted on your application.

We discovered 2 instances of Horizontal Broken Access Control (HBAC) vulnerabilities. In the context of this application, we found that a user can exploit HBAC to gain unauthorized access to private posts belonging to other users. This poses a serious risk to user privacy.

In addition, we also identified 6 instances of Stored Cross-Site Scripting (XSS) vulnerabilities that might require your attention. Stored XSS vulnerabilities can present significant risks, as they allow attackers to inject malicious scripts that are stored on your server and later executed in other users’ browsers. Potential threats include user account compromise, cookie theft, redirection to malicious websites, session hijacking, and even keystroke logging.

To assist with addressing these vulnerabilities, we have provided a video demonstration for each vulnerability. Additionally, we have provided detailed reproduction steps for each vulnerability (you can follow the steps in the reproduction document and use the provided reproduction scripts to quickly replicate these vulnerabilities).

Reproduction Document: SpringBlog.pdf

Reproduction Scripts: springblog.zip

Your response is incredibly important to our research, and I hope you will find the time to review and confirm these issues. Thank you again for your commitment to this project and your attention to this important matter. I look forward to your thoughts.

HBAC vulnerabilities 1&2:

hbac1-2.mp4

Below, we use the start and end APIs of the XSS attack path as the XSS vulnerability ID.

Stored XSS vulnerabilities:

1&2. PostController.create(...) → HomeController.index(...) & PostController.create(...) → PostController.show(...)

xss1.2.mp4

3&4. PostController.update(...) → HomeController.index(...) & PostController.update(...) → PostController.show(...)

xss3.4.mp4

5. PostController.create(...) → PostController.page(...)

xss5.mp4

6. PostController.update(...) → PostController.page(...)

xss6.mp4
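The report names two control gaps: a private post reachable by a user who is not its author (the HBAC finding), and post content stored via create/update and later rendered unescaped by index, show and page (the stored XSS finding). The following added example is not SpringBlog's code and does not use its classes; it is a self-contained Java sketch of the two server-side checks a maintainer would add, with a hypothetical `Post` record (field names are assumptions), an ownership check applied on every read path, and HTML output encoding applied at render time. Sample posts are constructed inline.

```java
import java.util.*;

// Added example (not SpringBlog's code): the two defensive checks implied by the report.
public class PostAccessExample {

    // Hypothetical minimal post model; field names are assumptions, not SpringBlog's.
    record Post(long id, String authorName, boolean isPrivate, String title, String content) {}

    // HBAC mitigation: a private post is visible only to its author.
    // Every read path (show, index, page) must go through this one check.
    static boolean canView(Post post, String requester) {
        if (post == null) return false;
        if (!post.isPrivate()) return true;
        return requester != null && requester.equals(post.authorName());
    }

    // "show": look the post up by id, then authorize before returning it.
    // Returning empty (mapped to 404/403 by the caller) avoids leaking the private post.
    static Optional<Post> show(Map<Long, Post> store, long id, String requester) {
        Post p = store.get(id);
        return canView(p, requester) ? Optional.of(p) : Optional.empty();
    }

    // "index"/"page": filter the listing through the same check so a private post
    // never appears in another user's feed, regardless of how it was created or updated.
    static List<Post> index(Map<Long, Post> store, String requester) {
        List<Post> visible = new ArrayList<>();
        for (Post p : store.values()) {
            if (canView(p, requester)) visible.add(p);
        }
        return visible;
    }

    // Stored XSS mitigation: encode at output time, so markup saved through
    // create/update is rendered as literal text in index, show and page.
    static String escapeHtml(String s) {
        StringBuilder sb = new StringBuilder(s.length());
        for (char c : s.toCharArray()) {
            switch (c) {
                case '&' -> sb.append("&amp;");
                case '<' -> sb.append("&lt;");
                case '>' -> sb.append("&gt;");
                case '"' -> sb.append("&quot;");
                case '\'' -> sb.append("&#x27;");
                default -> sb.append(c);
            }
        }
        return sb.toString();
    }

    // Render a post fragment with every user-controlled field encoded.
    static String render(Post p) {
        return "<article><h2>" + escapeHtml(p.title()) + "</h2><p>"
                + escapeHtml(p.content()) + "</p><footer>by "
                + escapeHtml(p.authorName()) + "</footer></article>";
    }

    public static void main(String[] args) {
        // Constructed sample data: one private post and one public post carrying markup.
        Map<Long, Post> store = new LinkedHashMap<>();
        store.put(1L, new Post(1, "alice", true, "Draft", "alice's private notes"));
        store.put(2L, new Post(2, "bob", false, "Hi <b>all</b>",
                "<img src=x onerror=alert(1)> welcome"));

        // HBAC: bob must not see alice's private post by id or in the listing.
        System.out.println("bob show(1):   " + show(store, 1L, "bob").isPresent());   // false
        System.out.println("alice show(1): " + show(store, 1L, "alice").isPresent()); // true
        System.out.println("bob index():   " + index(store, "bob").size());           // 1

        // Stored XSS: bob's markup is rendered as text, not as HTML.
        for (Post p : index(store, "carol")) {
            System.out.println(render(p));
        }
    }
}
```

The design choice worth noting is that authorization lives in one predicate reused by every read path; the report's pairing of create/update with index, show and page shows why a check on only one of those paths is insufficient. Likewise, encoding at render time (rather than sanitizing at create/update) covers content that was stored before the fix and content that reaches the view by any route.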