Xss

After obtaining my OSWE, I started appreciating white box analysis much more. So every now and then I pick an open-source project I like, analyze the source code, try to understand how it works, and when I come across critical functions I ask myself: “what if this didn’t work as expected?”. Today I’ll tell you how I discovered this Arbitrary File Upload via MIME-type spoofing that led to a Stored XSS in Postiz, an open-source social media management tool with over 600 instances exposed on the internet. The vulnerability allows an attacker to act as the victim: steal API keys, exfiltrate tokens from all connected social integrations (Instagram, X, LinkedIn, Facebook, TikTok and 23 other providers), publish and delete posts on their behalf, and create persistent OAuth backdoors that survive password changes. ...

Finding your first CVE is one of those things that stays with you. Not so much for the assigned number, which is ultimately just an identifier in a database, but for the process: the moment you realize the bug is real, that nobody has reported it before you, and that you have the responsibility to handle it correctly. I’m telling this story in this post from start to finish: the discovery, the exploit, and finally the responsible disclosure process with MITRE. ...