CVE-2021-43633

Shaun Whorton
Nov 8, 2021

Stored XSS 😲

Comic Sans 😤

On the back of a recent discovery, I felt encouraged to go hunting for some more vulnerabilities in open source software. After some searching, I settled on Messaging Web Application, which is an open-source browser-based messaging application. I unpacked the source, spun up an instance of the application, and started poking at it.

The app features a sign-up page. I spent a lot of time looking at the source code, examining how user input is processed and stored. I attempted SQLi to bypass the login authentication, but alas, I couldn’t successfully exploit the application in this way. Below is a fairly standard SQLi payload which I tried; one of many!

No such luck…

Not feeling defeated, I carried on with my attempt to find other vulnerabilities. I created a user account and logged in to see how the app functioned. You’ll notice (image below) that users have the option of uploading an avatar; I attempted uploading a PHP shell as a user avatar, but this wasn’t a successful avenue for exploitation either.

With that said, I created a user account and continued to use the application in the intended way


Shaun Whorton

Senior Security Consultant | BSc, MSc, PNPT, CRTP, eCPPT, eCPTX, OSCP, CEH(P)