You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Hi,
This weekend I played hxpctf, during competition there was a challenge called hackme. It was a Docker with codimd. My solution was unintended: I use google analytics to exploit a stored xss bug in mermaid.
Here is my PoC
The bug seems to be known by the mermaid developers (issue).
I tryed it on hackmd.io and it works, too.
Hope you can fix soon!
P.S. Now I'm going to reopen the issue in mermaid repository. This is also a duplicate, but the other issues are marked as "solved".
Thanks
Alessandro Mizzaro
The text was updated successfully, but these errors were encountered:
Hi,
This weekend I played hxpctf, during competition there was a challenge called hackme. It was a Docker with codimd. My solution was unintended: I use google analytics to exploit a stored xss bug in mermaid.
Here is my PoC
The bug seems to be known by the mermaid developers (issue).
I tryed it on hackmd.io and it works, too.
Hope you can fix soon!
P.S. Now I'm going to reopen the issue in mermaid repository. This is also a duplicate, but the other issues are marked as "solved".
Thanks
Alessandro Mizzaro
The text was updated successfully, but these errors were encountered: