Steemnova - Fix persistent XSS vulnerability in alliance pages

in #utopian-io, 7 years ago (edited)

Bug Fixes

What was the issue(s)?

As described here, there was a critical security bug in the Steemnova browser game.

It was caused by the custom BBCode parser that was implemented in Steemnova.

Proof of Concept:

[url=javascript:alert(String.fromCharCode(88,83,83))]http://google.com/[/url]
Inserting this piece of code into the alliance description (something basically anybody can do by creating their own alliance) would result in the string "XSS" being displayed to the user. Of course, a lot more evil actions could also be executed in the user's name.

What was the solution?

I replaced the old custom logic with a premade and well-established library, as well as some boilerplate code to make it all work.

Unfortunately, this change caused another bug: all line breaks would disappear from the alliance pages.
But this was soon spotted and also fixed by me here.
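
An added example, not part of the original post and not Steemnova's code or the library it adopted: a minimal [url] renderer in Python showing why the proof of concept above works against a parser that copies the tag argument into href, and what a scheme allowlist, output escaping and line-break handling look like together. The function names, the http/https allowlist and the rel attribute are assumptions made for illustration.

```python
import html
import re
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}  # assumption: alliance pages only need web links
URL_TAG = re.compile(r"\[url=([^\]]*)\](.*?)\[/url\]", re.IGNORECASE | re.DOTALL)


def naive_render(text):
    """Constructed 'before': the tag argument goes into href unchecked."""
    return URL_TAG.sub(r'<a href="\1">\2</a>', text)


def is_safe_target(target):
    """Accept only absolute URLs whose scheme is on the allowlist."""
    try:
        return urlsplit(target).scheme.lower() in ALLOWED_SCHEMES
    except ValueError:  # malformed authority, e.g. an unclosed IPv6 bracket
        return False


def safe_render(text):
    """Escape everything first, then re-introduce only vetted markup."""
    def link(match):
        label = match.group(2)
        # Validate the value the browser will see: entities decoded, and the
        # whitespace/control characters that URL parsers discard removed.
        target = re.sub(r"[\x00-\x20]+", "", html.unescape(match.group(1)))
        if not is_safe_target(target):
            return label  # drop the link, keep the visible text
        return '<a href="{}" rel="nofollow noopener">{}</a>'.format(
            html.escape(target, quote=True), label)

    escaped = html.escape(text, quote=True)  # neutralises raw HTML in the input
    rendered = URL_TAG.sub(link, escaped)
    return rendered.replace("\n", "<br>\n")  # keep the author's line breaks


# Constructed sample input: the proof of concept quoted in the post.
POC = "[url=javascript:alert(String.fromCharCode(88,83,83))]http://google.com/[/url]"

if __name__ == "__main__":
    print(naive_render(POC))  # href carries the javascript: URL
    print(safe_render(POC))   # only the label survives
    print(safe_render("Welcome!\n[url=https://example.org/?a=1&b=2]Forum[/url]"))
```

The final replace step is the part that maps to the follow-up bug mentioned above: once all input is escaped, line breaks have to be converted explicitly or they vanish from the rendered page.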

Links

Acknowledgements

I (once again) want to thank:

  • @louis88 for finding this bug and helping me with testing the bugfix.
  • @mys who cooperated with us so this bugfix could be quickly released to the public before it could be abused!



Posted on Utopian.io - Rewarding Open Source Contributors


I believe that STEEMNOVA has a great future. I hope this project will soon be noticed by whales and it will be much more interesting to play. Good luck to you and Love.


That was a serious security issue. Good job @louis88 and @mwfiae! Thank you for cooperation.

Thank you for your professional way of dealing with this! :)
