SillyTavern Web User Interface DNS Rebinding Vulnerability

Vulnerability

A DNS rebinding vulnerability has been identified in the SillyTavern web user interface, in versions prior to 1.13.4. This vulnerability allows attackers to bypass CORS policies and gain remote access to a user's SillyTavern instance by tricking the browser into resolving a domain to localhost. Exploitation can lead to unauthorized actions such as reading chat histories, injecting phishing-related HTML, or installing malicious extensions.

Impact

Exploitation of this vulnerability gives attackers full control over the affected SillyTavern instance, allowing them to read user chats, inject phishing content, and install malicious extensions.

Reproduction

To reproduce this vulnerability, host an HTML file on a web server that can be accessed from the internet. This file should be located on an endpoint such as '/rebind.html'. Then, visit a DNS rebinding service, input the IP address of the server where SillyTavern is running, and obtain a URL that points to '127.0.0.1'. Replace the URL in the HTML file with this new URL and access the '/rebind.html' endpoint through a browser. The developer console will reveal the fetched data from the SillyTavern instance, demonstrating successful exploitation.

Remediation

Users are advised to update to SillyTavern version 1.13.4 or later, and to enable host whitelisting in their server configuration. This can be done by setting 'hostWhitelist.enabled' in the 'config.yaml' file or by using the 'SILLYTAVERN_HOSTWHITELIST_ENABLED' environment variable. For detailed instructions, refer to the SillyTavern documentation.
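
Host whitelisting works against DNS rebinding because the browser still sends the attacker-controlled domain name in the Host header even after that name has been re-resolved to 127.0.0.1. The following is an added example of such a check, not SillyTavern's own code; the function names, the allowlist contents and the sample hostnames are assumptions made for illustration.

```javascript
// Added example: Host-header allowlist check (not SillyTavern's implementation).
// Assumed allowlist for a loopback-only instance.
const ALLOWED_HOSTS = new Set(['localhost', '127.0.0.1', '[::1]']);

// Reduce a raw Host header to a bare lowercased hostname, or null if malformed.
function normalizeHost(hostHeader) {
  if (typeof hostHeader !== 'string' || hostHeader.length === 0) return null;
  const host = hostHeader.trim().toLowerCase();
  if (host.startsWith('[')) {
    // IPv6 literal, e.g. "[::1]:8000" -> "[::1]"
    const end = host.indexOf(']');
    if (end === -1) return null;
    const rest = host.slice(end + 1);
    if (rest !== '' && !/^:\d{1,5}$/.test(rest)) return null;
    return host.slice(0, end + 1);
  }
  // Hostname or IPv4, optional trailing dot, optional port.
  const m = /^([a-z0-9.-]+?)\.?(?::(\d{1,5}))?$/.exec(host);
  return m ? m[1] : null;
}

// Decide whether a request may proceed, based only on its Host header.
function checkHost(hostHeader, allowed = ALLOWED_HOSTS) {
  const host = normalizeHost(hostHeader);
  if (host !== null && allowed.has(host)) return { status: 200, host };
  return { status: 403, host }; // unknown or malformed Host: refuse
}

// Connect/Express-style middleware wrapper around the same check.
function hostGuard(req, res, next) {
  const verdict = checkHost(req.headers.host);
  if (verdict.status === 200) return next();
  res.statusCode = 403;
  res.end('Forbidden: host not in allowlist');
}

// Constructed sample Host headers: the last three are what a server would see
// from a rebound page, a look-alike name, and a malformed header.
const samples = ['localhost:8000', '127.0.0.1', '[::1]:8000',
  'a1b2.rebind.example:8000', 'localhost.evil.example', 'localhost@evil.example'];
for (const s of samples) {
  console.log(s.padEnd(28), checkHost(s).status);
}
```

Matching is exact on the normalized hostname, so a name that merely starts with or contains an allowed value is refused.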

Added: Oct 6, 2025, 4:21 PM
Updated: Oct 6, 2025, 4:21 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 4.8
exploitability: 7.7
remediation: 0.0
relevance: 0.7
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.