Security Fix for Stored-XSS on "ChatCord" - huntr.dev

[huntr-helper]

https://huntr.dev/users/alromh87 has fixed the Stored-XSS on "ChatCord" vulnerability 🔨. alromh87 has been awarded $25 for fixing the vulnerability through the huntr bug bounty program 💵. Think you could fix a vulnerability like this?

Get involved at https://huntr.dev/

Q | A
Version Affected | ALL
Bug Fix | YES
Original Pull Request | 418sec#1
Vulnerability README | https://github.com/418sec/huntr/blob/master/bounties/other/chatcord/1/README.md

User Comments:

📊 Metadata *

Bounty URL: https://www.huntr.dev/bounties/1-other-chatcord

⚙️ Description *

There is no proper sanitization of some data received from server making code injection available to malicious user, if traffic is intercepted and modified.

💻 Technical Description *

Fixed by replacing the use of innerHTML() for innerText() efectively treating incoming data as text and not html elements.

🐛 Proof of Concept (PoC) *

1. Download the project
2. Run npm i
3. Run npm run dev
4. Go on http://localhost:3000 or on the Repl instance created
5. Go on https://instance:port/chat.html?username=test&room=JavaScript
6. Start Burp
7. Send a new message and intercept the WS request
8. Modify the time parameter in ><img/src="x"/onerror=alert(1)>
   XSS triggered !!!

Proof of Fix (PoF) *

After fix data is treated as text and No code is executed for remote user

👍 User Acceptance Testing (UAT)

After fix functionality is unafected