Kevin Froman's blog

Blog on security, programming, & other musings

How I Could Have Compromised MIT App Inventor


Not Just a Learning Tool

MIT App Inventor is primarily an educational block-based programming tool used to introduce young people to programming and app design, using a web interface and companion app for live testing.

ai2 screenshot

However, due to its powerful design and low learning curve, it is also used by anyone who wants to simplify the app creation process, and many apps currently on Google Play have been created using AI.

New Features Bring New Exploits

The AI team recently implemented a 'gallery' system where people can share their app source and clone others' projects. As of this writing, the gallery system is not compatible with their Java extension system, which allows users to insert Java code to add custom programming features.

Testing for XSS

I remembered that the AI team had also somewhat recently added HTML formatting to label elements, so I got curious to see how they handled HTML tags.

As it turns out, AI did nothing to filter tags, and they were rendered directly to the browser!

From there, I tested if script HTML tags were filtered, and they were not!

However, since that part of the editor is dynamically rendered after page load, I could not immediately trigger scripts.

I remembered that some inline event handlers, such as 'onMouseOver', still fire on elements that are inserted after the initial page load.

It worked: I was able to trigger any JavaScript I wanted in the editor using the onMouseOver event!

ai2 screenshot

The full code was simply:

<h1 onMouseOver="alert('XSS Vuln!');" style="width: 1000px; height: 1000px; color: white;">test</h1>

The styling made it so that when mousing over any part of the app preview, my script would trigger.

Implications of XSS

A malicious user could have abused this to embed malicious scripts inside project files (.aia) and then share them via the Gallery or elsewhere.

These scripts could have, among other things:

Reporting the Issue

After I discovered this issue, I reported it to one of the MIT developers, Jeff Schiller, who got it fixed within a week.

Written by anonymous