pwn.college Dojo Missing Access Control Leading to Stored Cross-Site Scripting Vulnerability
Vulnerability
A stored cross-site scripting vulnerability has been identified in pwn.college Dojo, affecting all users. The issue arises from a lack of access control on custom (unprivileged) Dojo pages, allowing users to create pages that serve arbitrary files. This capability can be exploited to deliver HTML files containing JavaScript, resulting in stored cross-site scripting on the Dojo's origin. The vulnerability is present in versions of pwn.college Dojo through commit a9abd7220b647206b467822912be0258445b13d6.
Impact
Exploitation of this vulnerability allows stored cross-site scripting: injected scripts execute in the browser of any user who views the affected custom page, in the context of the Dojo's origin.
Reproduction
To reproduce this vulnerability, create a Git repository and add an HTML file containing arbitrary JavaScript. Include a Dojo.yml file that references the HTML file. After committing and pushing the repository, create or update a Dojo with the repository. Navigate to the new custom page to observe the cross-site scripting in action.