Stored XSS in remarks of the interface #2190

Open
PPPio opened this issue May 8, 2021 · 0 comments
PPPio commented May 8, 2021

Version

~ 1.9.1

What is the problem

~Stored XSS in remarks of the interface

How to reproduce this issue

~ Demo: https://yapi.baidu.com

  1. Create a group after login:

  2. Then create a new project:

  3. Enter the project, and add an interface:

  4. After adding successfully, enter the interface edit page:

  5. Scroll down to the remark module. Insert the payload:
    <? =><video src=x onerror=alert(document.domain)>

  6. After saving, return to the group. Click on the member list and add the username we want to attack. (There is no need for confirmation from the target user; as long as the user name is correct, the target user can be added to the project. Here we use another account to test.)

  7. After the victim logged into the system, he found that he was added to a group:

  8. He entered the group, viewed the project interface, entered the edit page, and triggered the XSS Payload inserted by the attacker.

Which browser

~ Firefox Chrome

Which operating system (Linux, Windows, macOS)

macOS
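
A defensive counterpart to the report above, as an added example that is not part of the original issue and is not YApi's own code: it encodes remark text before it is rendered as HTML and flags stored remarks that carry active markup so existing records can be reviewed. The record shape (`id`, `remark`), the function names and the sample data are constructed assumptions.

```javascript
// Added example (not YApi code). Two defensive pieces for a free-text
// "remark" field: output encoding, and a triage scan over stored records.

// Encode the HTML-significant characters so a remark renders as inert text.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Heuristic patterns for review triage only. They are NOT a sanitizer:
// rendering rich-text remarks safely needs an allowlist-based HTML sanitizer.
const ACTIVE_MARKUP = [
  { name: 'event-handler attribute', re: /<[a-z][^>]*\son[a-z]+\s*=/i },
  { name: 'script element', re: /<\s*script\b/i },
  { name: 'javascript: URL', re: /(?:href|src)\s*=\s*["']?\s*javascript:/i },
];

// Return the names of every pattern a stored remark matches.
function auditRemark(remark) {
  return ACTIVE_MARKUP.filter((p) => p.re.test(remark)).map((p) => p.name);
}

// Scan a list of records and keep only those with at least one finding.
function auditAll(records) {
  return records
    .map((r) => ({ id: r.id, findings: auditRemark(r.remark) }))
    .filter((r) => r.findings.length > 0);
}

// Constructed sample records (hypothetical shape). Record 2 holds the
// remark value quoted in step 5 of the report.
const sampleInterfaces = [
  { id: 1, remark: 'Returns the user profile. **Requires** a token.' },
  { id: 2, remark: '<? =><video src=x onerror=alert(document.domain)>' },
  { id: 3, remark: '<a href="https://example.com/docs">docs</a>' },
];

console.log(auditAll(sampleInterfaces));
console.log(escapeHtml(sampleInterfaces[1].remark));
```

The scan is for locating records that need review after a fix ships; the fix itself is the encoding (or an allowlist sanitizer) applied wherever the remark is rendered.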
