Skip to content

RealLinkers/CVE-2019-17427

master
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
Code

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
 
 
 
 

CVE-2019-17427

CVE-2019-17427 Persistent XSS POC

In Redmine before 3.4.11 and 4.0.x before 4.0.4, persistent XSS exists due to textile formatting errors.

The vulnerability essentially exists on any wiki page which by default uses textile formatting. You can take advantage of it by using <pre parameter.

<pre onfocusin=alert("pwnd") tabindex=1 style="height:500px;width:500px;" class=

To take full advantage of this, you can chain the poc.txt which contains XSS example payload to enable API in order to achieve SQL injection capabilities https://github.com/RealLinkers/CVE-2019-18890

https://nvd.nist.gov/vuln/detail/CVE-2019-17427

About

CVE-2019-17427 Persistent XSS POC

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published