[πŸ›] Challenge progress restore triggers XSS on Score Board


πŸ› Bug report

Description

  1. Start local instance and go to /#/score-board
  2. Notice that the copy-pastable XSS payloads (e.g. in DOM XSS or Bonus Payload challenge) are properly encoded
  3. Confirm via /api/Challenges that those payloads are wrapped into <code>…</code> properly
  4. Restore challenge progress from a local backup (works best with a continue code w/ lot of challenges solved)
  5. Visit /#/score-board to notice that one or more XSS payloads now trigger
  6. Check via /api/Challenges that the <code>…</code> enclosure is now missing in the API response

Additional Information

Could also be reproduced on https://preview.owasp-juice.shop/#/score-board and https://preview.owasp-juice.shop/api/Challenges

Issue Analytics

  • State: closed
  • Created 2 years ago
  • Comments: 9 (8 by maintainers)

Top GitHub Comments

1 reaction
bkimminich commented, Oct 13, 2021

I guess the issue was reference semantics which saved the sanitized challenge description back into the cache upon the first notification and then finding it there for any subsequent notification (i.e. local restore) and then putting it into the DB.

Pretty wild that this was not noticed for 5 years… 😬
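
The reference-semantics failure described in the comment above, as an added JavaScript example that is not Juice Shop's own code: the in-memory store, the function names and the sample description are all constructed for illustration. It shows a notification helper overwriting the cached description, a later restore persisting that altered value, and a variant that leaves the cache untouched.

```javascript
// Added illustration; every name here is hypothetical, not Juice Shop's code.
// Constructed sample: markup stored entity-encoded inside <code>…</code>.
const ENCODED = 'Use <code>&lt;em&gt;sample&lt;/em&gt;</code> in the search field.';

// Stand-in for "sanitize for a plain-text notification":
// drop all tags, then decode the entities that remain.
function toPlainText(html) {
  return html
    .replace(/<[^>]*>/g, '')
    .replace(/&lt;/g, '<')
    .replace(/&gt;/g, '>')
    .replace(/&amp;/g, '&');
}

// In-memory stand-ins for the challenge cache and the database table.
function makeStore() {
  return {
    cache: { demoChallenge: { key: 'demoChallenge', description: ENCODED } },
    db: { demoChallenge: ENCODED },
  };
}

// Buggy: the cache hands out a reference, and the notifier writes through it.
function notifyBuggy(store, key) {
  const challenge = store.cache[key];
  challenge.description = toPlainText(challenge.description);
  return challenge.description;
}

// Fixed: derive the notification text without mutating the cached object.
function notifyFixed(store, key) {
  return toPlainText(store.cache[key].description);
}

// Restore persists whatever the cache currently holds for the challenge.
function restoreProgress(store, key) {
  store.db[key] = store.cache[key].description;
  return store.db[key];
}

// First notification (normal solve), then a later progress restore.
function runScenario(notify) {
  const store = makeStore();
  notify(store, 'demoChallenge');
  return restoreProgress(store, 'demoChallenge');
}
```

With `notifyBuggy` the value returned by `runScenario` has lost both the `<code>` wrapper and the entity encoding, which matches step 6 of the report; with `notifyFixed` the stored description is unchanged.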

0 reactions
github-actions[bot] commented, Oct 14, 2022

This thread has been automatically locked because it has not had recent activity after it was closed. 🔒 Please open a new issue for regressions or related bugs.
