Critical vulnerability XSS (Cross Site Scripting) Steemnova (fixed) by louis88

· @louis88 · (edited)
#### Expected behavior
When I play the browser game SteemNova, I expect that I can play a game that is free of dangerous security vulnerabilities. In particular, I expect that there is no vulnerability that can endanger other players in the game or introduce malware on a computer. 

#### Actual behavior
Unfortunately I discovered a security hole that can not only affect the game but can also be dangerous for other players of the game. The vulnerability found is an XSS (Cross-Site Scripting) vulnerability and can be set in the area of an alliance administration, since there is an editor (TinyMCE) here that allows this vulnerability to be infiltrated.

A big thank you goes to the developer team and the project owner who took care of this vulnerability at short notice and have already implemented it in the live system. This went so far without big problems about which I am very happy.


#### How to reproduce
The problem has now been resolved. It was previously possible to reload malware with JavaScript if you used this command among others. (demonstration)

    [url=javascript:alert(String.fromCharCode(88,83,83))]http://google.com/[/url]


* Browser: Chrome Version 65.0.3325.146 (Offizieller Build) (64-Bit)
* Operating system: Mac OS X

#### Recording Of The Bug

Demonstration.
![enter image description here](https://i.imgur.com/JyAQbOa.gif)
    

Thanks to the project leaders and developers who solved the problem very quickly! 
@louis88



<br /><hr/><em>Posted on <a href="https://utopian.io/utopian-io/@louis88/critical-vulnerability-xss-cross-site-scripting-steemnova-fixed">Utopian.io -  Rewarding Open Source Contributors</a></em><hr/>
Created: 2018-04-01 16:47:30
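The `[url=javascript:...]` case from the report, as an added example that is not part of the original post and is not SteemNova's actual patch (the thread does not show the fix): a BBCode `[url]` renderer in its unchecked form beside a hardened one that allowlists `http`/`https` and HTML-escapes every piece. The tag regex and all function names are assumptions made for this illustration.

```python
import html
import re

# Assumed tag syntax for this example: [url=TARGET]LABEL[/url]
URL_TAG = re.compile(r"\[url=(.*?)\](.*?)\[/url\]", re.IGNORECASE | re.DOTALL)
SCHEME = re.compile(r"^([a-z][a-z0-9+.\-]*):", re.IGNORECASE)
ALLOWED_SCHEMES = {"http", "https"}
# URL parsers drop tab/CR/LF and leading control characters or spaces,
# so the check must run on the same normalized form the browser will see.
LEADING_JUNK = "".join(chr(c) for c in range(0x21))

# The demonstration input from the report.
PAYLOAD = "[url=javascript:alert(String.fromCharCode(88,83,83))]http://google.com/[/url]"


def render_naive(bbcode: str) -> str:
    """Vulnerable 'before' form: the target lands in href unchecked and unescaped."""
    return URL_TAG.sub(r'<a href="\1">\2</a>', bbcode)


def normalize_target(target: str) -> str:
    return re.sub(r"[\t\r\n]", "", target).lstrip(LEADING_JUNK)


def is_allowed_target(target: str) -> bool:
    """Allowlist: only absolute URLs with an explicitly permitted scheme."""
    match = SCHEME.match(normalize_target(target))
    return match is not None and match.group(1).lower() in ALLOWED_SCHEMES


def render_safe(bbcode: str) -> str:
    """Hardened form: scheme allowlist plus HTML escaping of every piece."""
    out, pos = [], 0
    for m in URL_TAG.finditer(bbcode):
        out.append(html.escape(bbcode[pos:m.start()]))  # text before the tag
        target, label = m.group(1), m.group(2)
        if is_allowed_target(target):
            href = html.escape(normalize_target(target), quote=True)
            out.append('<a href="{}" rel="noopener noreferrer">{}</a>'
                       .format(href, html.escape(label)))
        else:
            out.append(html.escape(label))  # drop the link, keep visible text
        pos = m.end()
    out.append(html.escape(bbcode[pos:]))
    return "".join(out)


if __name__ == "__main__":
    print(render_naive(PAYLOAD))
    print(render_safe(PAYLOAD))
```

An allowlist is used rather than a blocklist of `javascript:` because it also rejects any other scheme the renderer was never meant to emit.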
@jestemkioskiem ·
Thank you for the contribution. It has been approved.

Thank you for the professional way you've dealt with this issue. I can't make sure the bug was real, but I'm more than happy to take yours and @mys's word for it.

You can contact us on [Discord](https://discord.gg/uTyJkNm).
**[[utopian-moderator]](https://utopian.io/moderators)**
Created: 2018-04-01 19:59:18
@louis88 ·
Thank you very much for the uncomplicated handling of the case. We really appreciate it.
Created: 2018-04-01 22:59:27
@marekkaminski ·
This is great!

So maybe you would be able to fix what I have found: 

when click:
 ![when click.png](https://steemitimages.com/DQmcpkHqUUxvLN3rNXp7Apaiq5dwCQGpe83pHimtR5h72BF/when%20click.png)

I'm getting this: 

![1.png](https://steemitimages.com/DQme4jFUmmCGCABcz4PpJ9ttmuNK2eTr8Y3NjbREkcxZrJd/1.png)

Copied all here:

    NOTICE
    Message: Undefined offset: 921
    File: /cache/templates/pl^0f9dc04768403bf8d995dbdcb70f24ccf6a74494.page.information.default.tpl.php
    Line: 171
    URL: https://steemnova.intinte.org/game.php?page=information&id=921
    PHP-Version: 7.0.28-1
    PHP-API: fpm-fcgi
    2Moons Version: 1.8.git
    Debug Backtrace:
    #0 /cache/templates/pl^0f9dc04768403bf8d995dbdcb70f24ccf6a74494.page.information.default.tpl.php(171): errorHandler(8, 'Undefined offse...', 'FILEPATH ...', 171, Array)
    #1 /includes/libs/Smarty/sysplugins/smarty_template_resource_base.php(128): content_5ac15f661e0192_12753298(Object(Smarty_Internal_Template))
    #2 /includes/libs/Smarty/sysplugins/smarty_template_cached.php(136): Smarty_Template_Resource_Base->getRenderedTemplateCode(Object(Smarty_Internal_Template))
    #3 /includes/libs/Smarty/sysplugins/smarty_internal_template.php(179): Smarty_Template_Cached->render(Object(Smarty_Internal_Template), false)
    #4 /includes/libs/Smarty/sysplugins/smarty_internal_templatebase.php(199): Smarty_Internal_Template->render(false, 1)
    #5 /includes/libs/Smarty/sysplugins/smarty_internal_templatebase.php(114): Smarty_Internal_TemplateBase->_execute(Object(Smarty_Internal_Template), NULL, NULL, NULL, 1)
    #6 /includes/classes/class.template.php(137): Smarty_Internal_TemplateBase->display('extends:layout....')
    #7 /includes/pages/game/AbstractGamePage.class.php(267): template->display('extends:layout....')
    #8 /includes/pages/game/ShowInformationPage.class.php(366): AbstractGamePage->display('page.informatio...')
    #9 /game.php(58): ShowInformationPage->show()
    #10 {main}

Hey, FYI @mys @fervi.

#steemnova #bug
Created: 2018-04-01 23:44:09
@mys ·
It’s new feature working in English and German translations. I am looking to correct this for other languages too. Thanks!
Created: 2018-04-02 08:25:48
@flugschwein ·
Sorry I thought it would automatically evade to working languages, when it can't find the right strings. (because new strings get displayed in English when they aren't translated yet)
Created: 2018-04-02 11:26:45
@mys ·
Thank You for finding and fixing this security flaw! Both @louis88 and @MWFIAE who cooperated to make a patch. As You said the critical update has been implemented asap so that nobody got hurt. Thanks!
Created: 2018-04-01 17:13:15
@mwfiae ·
Thank you for treating the whole thing with the necessary seriousness! 
And for the fact that we were able to fix it so quickly and frictionless :)
Created: 2018-04-01 18:56:54
@security101 ·
Great Work @louis88 ! 
Created: 2018-04-01 18:22:15