Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

A XSS bug that can execute code(用户恶意修改 评论 的ua可触发XSS执行代码) #400

Closed
3 tasks done
FFreestanding opened this issue Jun 21, 2022 · 3 comments

Comments

@FFreestanding
Copy link

FFreestanding commented Jun 21, 2022

如果您想报告错误,请提供以下信息 If you want to report a bug, please provide the following information:

  • 可复现问题的步骤 The steps to reproduce.
  • 可复现问题的网页地址 A minimal demo of the problem via https://jsfiddle.net or http://codepen.io/pen if possible.
  • 受影响的Valine版本、操作系统,以及浏览器信息 Which versions of Valine, and which browser / OS are affected by this issue?
@FFreestanding FFreestanding changed the title 一个xss漏洞,现在访问官网会跳转到百度 一个xss漏洞 Jun 21, 2022
@xCss xCss added the bug label Jun 21, 2022
@FFreestanding FFreestanding changed the title 一个xss漏洞 A XSS bug that can execute code(用户恶意修改 评论 的ua可触发XSS执行代码) Jun 21, 2022
@FFreestanding
Copy link
Author

FFreestanding commented Jun 21, 2022

可复现问题的步骤 The steps to reproduce.

The latest version of valine is 1.4.18

First select a page to test : https://valine.js.org/hexo.html

图片

Capture the packet then modify the post of the packet and sent

图片

below payload will make the comments look normal and allows code execution,Google Chrome and Firefox will all be attacked.

图片

It work

图片

The alarm information is related to other failed test codes. Please ignore it

可复现问题的网页地址 A minimal demo

https://valine.js.org/
https://valine.js.org/hexo.html
http://luckyzmj.cn/posts/1d6f1579.html
图片

maybe all websites which is using the project will be influenced

受影响的Valine版本、操作系统,以及浏览器信息 Which versions of Valine, and which browser / OS are affected by this issue?

Valine1.4.18
win10
Google Chrome and Firefox

@xCss xCss added the next label Jun 22, 2022
xCss pushed a commit that referenced this issue Jun 24, 2022
@xCss
Copy link
Owner

xCss commented Jun 24, 2022

已修复,感谢对Valine的支持~ ❤️

@xCss xCss closed this as completed Jun 24, 2022
@xCss
Copy link
Owner

xCss commented Oct 11, 2022 via email

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

2 participants