Hi,
This weekend I played hxpctf, during competition there was a challenge called hackme. It was a Docker with codimd. My solution was unintended: I use google analytics to exploit a stored xss bug in mermaid.
Here is my PoC
The bug seems to be known by the mermaid developers (issue).
I tryed it on hackmd.io and it works, too.
Hope you can fix soon!
P.S. Now I'm going to reopen the issue in mermaid repository. This is also a duplicate, but the other issues are marked as "solved".
Thanks
Alessandro Mizzaro
The text was updated successfully, but these errors were encountered:
Hi,
This weekend I played hxpctf, during competition there was a challenge called hackme. It was a Docker with codimd. My solution was unintended: I use google analytics to exploit a stored xss bug in mermaid.
Here is my PoC
The bug seems to be known by the mermaid developers (issue).
I tryed it on hackmd.io and it works, too.
Hope you can fix soon!
P.S. Now I'm going to reopen the issue in mermaid repository. This is also a duplicate, but the other issues are marked as "solved".
Thanks
Alessandro Mizzaro
The text was updated successfully, but these errors were encountered: