Lucene search
Nhiephon02C81928-EB47-476F-8000-E93DC796DBCCHistoryFeb 11, 2022 - 3:44 a.m.
Code Injection in publify/publify
2022-02-1103:44:11
nhiephon
www.huntr.dev
21
code injection
publify
html code
information security
bug bounty
admin data theft
EPSS
0.001
Percentile
36.3%
Description
The application doesn’t check/filter the comments provided by the user before save to database. Attacker can’t insert js code to steal admin’s data but can insert html code, leads to many information security risks.
Proof of Concept
- Step 1: Go to https://demo-publify.herokuapp.com/2022/02/11/hello-world#comments and comment in anonymous user.
<img src="https://www.technistone.com/color-range/image-slab/Starlight%20Black_SLAB_web.jpg" width="2000" height="2000">
- Step 2: Login as demo user, go to https://demo-publify.herokuapp.com/admin/feedback. You can see html code has been rendered successfully.
- PoC: https://drive.google.com/file/d/1RSuq7fsyJPrbNHqlZ9pRW3lgXAvmOrQf
Impact
Attacker can insert html code to break the website format, phishing or collect the admin’s IP through loading images in img tags.
Related
prion
prion
Code injection
2022-05-16 15:15:00
nvd
nvd
CVE-2022-0578
2022-05-16 15:15:08
veracode
veracode
Arbitrary Code Injection
2022-05-17 10:09:03
osv
osv
CVE-2022-0578
2022-05-16 15:15:08
BIT-publify-2022-0578
2024-03-06 11:03:54
Publify vulnerable to code injection
2022-05-17 00:01:25
cve
cve
CVE-2022-0578
2022-05-16 15:15:08
cvelist
cvelist
CVE-2022-0578 Code Injection in publify/publify
2022-05-16 14:31:45
github
github
Publify vulnerable to code injection
2022-05-17 00:01:25
rubygems
rubygems
Code injection in publify
2022-05-16 21:00:00