
CVE-2021-25925

Date: April 12, 2021

Overview

SiCKRAGE versions 4.2.0 to 10.0.11.dev1 are vulnerable to stored Cross-Site Scripting (XSS) because user input is not validated properly when processed by the server. An attacker can therefore inject arbitrary JavaScript code into the application and possibly steal a user's sensitive information.

Details

The application `SiCKRAGE` is vulnerable to Cross-Site Scripting (XSS) because user input from several functions is not sanitized. The vulnerability can be exploited through inputs such as the `Post Processing Dir` field in the `config/postProcessing/` endpoint, the `Black hole folder location` field in the `config/search/` endpoint, and the `quicksearch` bar feature.

PoC Details

Within the SiCKRAGE site, go to the `config/search/` or `config/postProcessing/` endpoint.

For the `config/search/` endpoint: under the `torrent-client` tab, inject the given payload into the "Black hole folder location" field and submit the values. Then navigate to the `logs/view/` endpoint and observe the payload being executed.

For the `config/postProcessing/` endpoint: inject the given payload into the "Post Processing Dir" field and submit the values. Then navigate to the `home/serverstatus/` endpoint and observe the payload being executed.

PoC Code

<script>alert(document.cookie)</script>

Affected Environments

4.2.0-10.0.11.dev1

Prevention

Upgrade to version 10.0.11.dev2
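The Details section describes a stored value that is rendered later in another view (for example `logs/view/`) without sanitization. The following is an added example, not SiCKRAGE's own code: it shows that pattern next to an output-encoded version, plus a regression check that parses the rendered page. The in-memory store, the function names and the setting name `post_processing_dir` are hypothetical.

```python
import html
from html.parser import HTMLParser

# Constructed stand-ins for a settings store and an application log.
CONFIG = {}
LOG_LINES = []


def save_setting(name, value):
    """Store a user-supplied setting and log the change (the 'stored' step)."""
    CONFIG[name] = value
    LOG_LINES.append(f"Changed {name} to {value}")


def render_log_unsafe():
    """Vulnerable pattern: stored text is concatenated into HTML as-is."""
    return "<pre>" + "\n".join(LOG_LINES) + "</pre>"


def render_log_safe():
    """Hardened pattern: every stored line is HTML-encoded at output time."""
    encoded = (html.escape(line, quote=True) for line in LOG_LINES)
    return "<pre>" + "\n".join(encoded) + "</pre>"


class _TagCollector(HTMLParser):
    """Records every start tag an HTML parser finds in the page."""

    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)


def parsed_tags(page):
    """Return the element names parsed from rendered HTML (regression check)."""
    collector = _TagCollector()
    collector.feed(page)
    collector.close()
    return collector.tags


# The page's PoC string, saved through a hypothetical setting name.
save_setting("post_processing_dir", "<script>alert(document.cookie)</script>")
```

Running `parsed_tags` over both renderings shows a `script` element only in the unsafe output; the same check can be used as a unit test for any view that displays stored settings or log lines.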

Language: Python

Good to know:


Cross-Site Scripting (XSS)

CWE-79

Base Score:
Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): Required
Scope (S): Changed
Confidentiality (C): Low
Integrity (I): Low
Availability (A): None
Base Score:
Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (AU): Single
Confidentiality (C): None
Integrity (I): Partial
Availability (A): None