Skip to content
This repository was archived by the owner on Dec 19, 2023. It is now read-only.

Fixing XSS in SIP plugin#1

Open
hunterale wants to merge 2 commits into
418sec:masterfrom
hunterale:master
Open

Fixing XSS in SIP plugin#1
hunterale wants to merge 2 commits into
418sec:masterfrom
hunterale:master

Conversation

@hunterale

Copy link
Copy Markdown

📊 Metadata *

Bounty URL: https://www.huntr.dev/bounties/1-other-openfire-sip-plugin/

⚙️ Description *

In the page showing SIP Phone Mappings, the (dangerous) username characters that can cause an XSS are transformed in a way the are not dangerous any more, preserving the correct name visualization of the username

💻 Technical Description *

The XSS payload was inserted in the html template without escaping/encoding the dangerous characters. The fix is the followings: creating a StringUtils class (the same used in the Openfire parent project) with a method that HTML-escapes dangerous characters and using the method to sanitize the payload so it doesn't work any more

🐛 Proof of Concept (PoC) *

The video shows the triggered xss by the payload reported at the bounty url. The version of SIP plugin in video is 1.2.6 installed from the official marketplace

triggered_xss.mp4

🔥 Proof of Fix (PoF) *

The video shows that inserting the xss payload, the xss is not triggered anymore. The SIP plugin is the fixed version (snapshot-1.2.7)

fixed_xss_sip_plugin.mp4

👍 User Acceptance Testing (UAT)

After the fix, the page is still working correctly as before the fix and the XSS is not triggered anymore

@JamieSlome

Copy link
Copy Markdown

👋 Hello, @akrherz - @hunterale has opened a PR to us with a fix for a potential vulnerability in your repository. To view the vulnerability, please refer to the bounty URL in the first comment, above.

Ultimately, you get to decide if the fix is 👍 or 👎. If you are happy with the fix, please write a new comment (@huntr-helper - LGTM) and we will open a PR to your repository with the fix. All remaining PRs for this vulnerability will be automatically closed.

If you have any questions or need support, come and join us on our community Discord!

@akrherz & @hunterale - thank you for your efforts in securing the world’s open source code! 🎉

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants