Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

SSRF and Server Side XSS #117

Open
21k opened this issue Apr 17, 2020 · 3 comments
Open

SSRF and Server Side XSS #117

21k opened this issue Apr 17, 2020 · 3 comments

Comments

@21k
Copy link

21k commented Apr 17, 2020

this package uses phantomjs to render a xml snippet to image,thus the xml can be any html ,script.
As the render process runs at backend,so there are ssrf and server side xss risks.

@21k
Copy link
Author

21k commented Apr 17, 2020

var svg2png=require('svg2png')

svg2png(Buffer.from(`

<script> document.write(1111111111111); // some xhr for ssrf code </script>`)).then(buffer => fs.writeFileSync("dest.png", buffer))

@huntr-helper
Copy link

👋 Hey! We've recently opened a bug bounty against this issue, so if you want to get rewarded 💰 for fixing this vulnerability 🕷, head over to https://huntr.dev!

@JamieSlome
Copy link

Fix suggested here #119! 🍰

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

3 participants