There is a stored XSS in the article review area #38

1f3lse · 2018-09-18T15:55:09Z

Comment area does not do input filtering
Poc
</p><img%20src=1%20onerror=alert(1)><p>

The text was updated successfully, but these errors were encountered:

94fzb · 2018-09-19T15:54:11Z

@3lse The img tag not allow in comment, And i cat reproduce

1f3lse · 2018-09-19T15:58:18Z

@94fzb Need to capture the package for reproduction

1f3lse · 2018-09-19T15:59:42Z

@94fzb Maybe you have no restrictions on the server or storage.

94fzb · 2018-09-19T16:04:17Z

@3lse Comment use jsoup clean text, so img tag will remove when add comment

1f3lse · 2018-09-19T16:07:57Z

@94fzb Here is a way of attack by middlemen, by modifying traffic packets to achieve the purpose of attack.

1f3lse · 2018-09-19T16:08:50Z

So you need to do a verification of the received data to avoid this problem.

94fzb · 2018-09-19T16:23:02Z

So you need to do a verification of the received data to avoid this problem.

Verification browser received data ?

1f3lse · 2018-09-19T16:24:35Z

94fzb · 2018-09-19T16:33:31Z

@3lse I think https is better way, and now the program support https

1f3lse · 2018-09-19T16:35:17Z

94fzb closed this as completed Oct 24, 2019

Provide feedback