PDF Upload Leads to Stored XSS [ProtonMail Secure Email]

HamidReza Faghani
Dec 18, 2023

Hello everyone, I am HamidReza Faghani, a penetration testing expert in the field of security testing. In this report, I have discovered a security vulnerability in this web system (Proton Mail) that allows malicious actors to perform a stored XSS attack.

Naturally, I attempted to upload various file types and tried to exploit potential vulnerabilities to upload a PHP file. Unfortunately, my initial attempts were unsuccessful.

However, I was able to successfully upload a PDF file. Recognizing this, I conducted some online research and found that you could inject JavaScript code into PDF files.

So I needed to have an injection inside a PDF file, and if the website didn't do the necessary checks, we have ourselves a stored XSS vulnerability. Searching online, I couldn't find a simple XSS PDF, so I decided to implement a JavaScript. This JavaScript embedded JavaScript code into the PDF, in this case (app.alert('/write by : HamidReza Faghani/')).

Here’s a snippet of the JavaScript code:

After creating the PDF file, I uploaded it to the web application, and BOOM… Stored XSS.

In conclusion, users and organizations generally do not anticipate malicious scripts within PDF documents. Developers should implement robust security checks for PDF files within their applications. Furthermore, organizations utilizing third-party PDF file readers should prioritize keeping these components up to date.
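One way to implement the kind of upload check recommended above, as an added example that is not the author's or Proton's code: a server-side scan that rejects PDFs carrying script or auto-run action names, including names hidden with #xx escapes or inside Flate-compressed object streams. The function names, the list of names treated as active content and the sample bytes are assumptions made for this illustration.

```python
import re
import zlib

# PDF names that carry or trigger active content (conservative, assumed list).
ACTIVE_NAMES = {b"JS", b"JavaScript", b"OpenAction", b"AA", b"Launch"}

# A name is "/" followed by characters that are not whitespace or delimiters.
NAME_RE = re.compile(rb"/([^\x00\t\n\x0c\r ()<>\[\]{}/%]+)")
HEX_ESCAPE_RE = re.compile(rb"#([0-9A-Fa-f]{2})")
STREAM_RE = re.compile(rb"stream\r?\n(.*?)endstream", re.DOTALL)


def _names_in(data: bytes) -> set:
    """Collect name objects, undoing #xx escapes so /J#53 is seen as /JS."""
    decode = lambda m: bytes([int(m.group(1), 16)])
    return {HEX_ESCAPE_RE.sub(decode, n) for n in NAME_RE.findall(data)}


def find_active_content(pdf: bytes) -> set:
    """Return active-content names found in the file body or inflated streams."""
    if b"%PDF-" not in pdf[:1024]:
        raise ValueError("not a PDF")
    found = _names_in(pdf) & ACTIVE_NAMES
    for match in STREAM_RE.finditer(pdf):
        try:
            # decompressobj tolerates the end-of-line bytes before "endstream".
            inflated = zlib.decompressobj().decompress(match.group(1))
        except zlib.error:
            continue  # not Flate data (for example an image with another filter)
        found |= _names_in(inflated) & ACTIVE_NAMES
    return found


def accept_upload(pdf: bytes) -> bool:
    """Accept only PDFs in which no active-content name was found."""
    return not find_active_content(pdf)


# Constructed sample: a fragment, not a complete or renderable PDF.
SAMPLE = b"%PDF-1.4\n1 0 obj\n<< /OpenAction << /S /J#61vaScript /JS (constructed) >> >>\nendobj\n"

if __name__ == "__main__":
    print(sorted(find_active_content(SAMPLE)), accept_upload(SAMPLE))
```

This scan does not see inside encrypted PDFs or streams that use filters other than Flate, so it works as one layer alongside serving uploaded files as downloads from a separate origin and keeping the PDF viewer up to date.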

— — — — — — — — — — — — — — — — — — — — — — — — — — — — — — —

I hope you enjoyed reading the writeup!

LinkedIn: https://ir.linkedin.com/in/hamidreza-faghani-ab70108b

Instagram: https://www.instagram.com/developer_1991/
