Cross-site script execution #642
Comments
mlh758
added a commit
that referenced
this issue
Jul 21, 2016
mlh758
added a commit
that referenced
this issue
Jul 22, 2016
Fix #642 Rewriting refresh method to avoid vulnerable string concatenation.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
This plug-in allows executing cross-site scripts if the source element has encoded html content. Plug-in code constructs label and input elements using string concatenation which allows executing third party html content as part of the plug-in. For example, applying this plug-in on the following html element will execute the encoded html content assigned to the value property of the option tag.
Code snippet:
<select name="test" id="test"> <option value="'"><svg/onload=(new(Image)).src='//1lns7eap1hvfd4ms6l8a4sy15sbnzfp3hqie7\56burpcollaborator.net'>" title="'"><svg/onload=(new(Image)).src='//1lns7eap1hvfd4ms6l8a4sy15sbnzfp3hqie7\56burpcollaborator.net'>"> '"><svg/onload=(new( </option> </select>The text was updated successfully, but these errors were encountered: