Description
An XSS vulnerability exists that leads to arbitrary code execution.
Version
Version 0.0.3
Tested on: Linux
To reproduce
Steps to reproduce the behavior:
Create a new task
Add this to the details:
<img src="asdf" onerror="var os = require('os'); var hostname = os.platform(); var homedir = os.homedir(); alert('Host:' + hostname + 'directory: ' + homedir);">
See the popup
Expected behavior
This cross-site scripting vulnerability allows an attacker to execute arbitrary code on the victim's machine by tricking his victim into opening a crafted liveflow.md that looks like this:
# Inbox
## TODO test_task_1_xxx <img src="asdf" onerror="var os = require('os'); var hostname = os.platform(); var homedir = os.homedir(); alert('Host:' + hostname + 'directory: ' + homedir);">
RANK: 1
In the worst case this will lead to a reverse shell. I am not going to paste the code for the reverse shell here for obvious reasons.
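The report's crafted liveflow.md rendered two ways, as an added example that is not part of the original issue or the project's code: the task title is concatenated into markup, then escaped before it reaches the HTML sink. The file layout is inferred from the sample above, and all function names are hypothetical.

```javascript
'use strict';

// Constructed sample modelled on the crafted liveflow.md in the report (payload shortened).
const CRAFTED = [
  '# Inbox',
  '## TODO test_task_1_xxx <img src="asdf" onerror="var os = require(\'os\'); alert(os.homedir());">',
  'RANK: 1',
].join('\n');

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Assumed layout: "# <list>", "## <STATE> <title>", then "KEY: value" lines for that task.
function parseLiveflow(markdown) {
  const tasks = [];
  let list = null;
  for (const line of markdown.split(/\r?\n/)) {
    let m;
    if ((m = /^# (.+)$/.exec(line))) {
      list = m[1];
    } else if ((m = /^## (\S+) (.+)$/.exec(line))) {
      tasks.push({ list, state: m[1], title: m[2], fields: {} });
    } else if ((m = /^([A-Z]+): (.*)$/.exec(line)) && tasks.length) {
      tasks[tasks.length - 1].fields[m[1]] = m[2];
    }
  }
  return tasks;
}

// Unsafe pattern: file content becomes markup, so the <img onerror=...> is a live element.
function renderTaskUnsafe(task) {
  return `<li class="task">${task.title}</li>`;
}

// Hardened: every value read from the file is escaped before it is placed in HTML.
function renderTaskSafe(task) {
  const rank = escapeHtml(task.fields.RANK || '');
  return `<li class="task" data-rank="${rank}">${escapeHtml(task.title)}</li>`;
}

// Review aid: flags a task whose title carries an HTML tag.
function containsMarkup(task) {
  return /<[a-z!\/][^>]*>/i.test(task.title);
}
```

Escaping closes the injection point only; the payload's `require('os')` call shows that script running in the page can reach Node APIs, so that exposure needs its own fix.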