g6 icon indicating copy to clipboard operation
g6 copied to clipboard
verified publisher icon gnuboard

Stored XSS vulnerability

Open NinjaGPT opened this issue 6 months ago • 1 comments

Gnuboard6 Stored XSS

Vulnerability:Stored XSS (CWE-79)

Severity:High

Summary:

This stored XSS vulnerability was discovered in the latest version of GnuBoard6. When registered users bookmark and reply to any post on the message board, user input is not properly sanitized, and the reply content is not encoded when displayed. This allows attackers to inject arbitrary JavaScript code, targeting all users who can access the post. Attackers can exploit this vulnerability to steal user cookies, launch phishing attacks, and other malicious activities.

Details:

Taint source:
	/bbs/scrap_popin_update/qa/{post_id}

image

Taint sink:
	/board/qa/{post_id}

image

POC:

1.Register an account and log in
2.Access to http://127.0.0.1:8000/board/qa

image

3.send a post on http://127.0.0.1:8000/board/write/qa, any title and content

image

4.Access to the latest post http://127.0.0.1:8000/board/qa/1,click the "Save" button

image

5.Inject following XSS payload and save it
</textarea><img src=1 onerror=alert(/XSS/)>

image

6. XSS payload will be executed when access to the page again:

image

NinjaGPT avatar Jul 07 '25 03:07 NinjaGPT

https://sir.kr/g6_issues/325

NinjaGPT avatar Jul 08 '25 03:07 NinjaGPT