In the latest version, it allows an XSS attack, which leads to arbitrary JavaScript code execution, such as any URL redirect, and sending a comment without the verification code
#218 · Closed · MiluOWO opened this issue on Nov 6, 2019 · 2 comments
An issue was discovered in Valine v1.3.10. It allows an XSS attack, which leads to arbitrary JavaScript code execution, such as any URL redirect.
XSS
payload:
<details open ontoggle=top[8680439..toString(30)](1);>
When the payload is pasted in the comment area, the JS code is executed repeatedly, and if you post it with Burp or any other tool, this payload becomes a stored XSS on this page.
With this XSS, you can redirect to any URL you want.
payload:
<details open ontoggle=window.location.replace('https://www.google.com');>
Fix the vulnerability: please use HTML entity encoding.
Bypass verification code to send comment
In this comment system, if you capture this HTTP request, you can send any comment without the verification code. You can even fake your comment time, UA, etc.
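The fix the report asks for, HTML entity encoding of untrusted comment text before it is placed in the page, as an added example that is not Valine's own code. The `renderComment` template shape is hypothetical; only the escaping rule and the sample payload from the report above are the point.

```javascript
// Added example, not code from the Valine project.
// Escape the five characters that let text break out of an HTML text node
// or a quoted attribute value. Everything else is left untouched.
function escapeHtml(untrusted) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(untrusted).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Hypothetical comment template (not Valine's). Every untrusted field goes
// through escapeHtml, so a body containing markup is shown literally instead
// of being parsed as HTML, and no ontoggle handler is ever created.
function renderComment(comment) {
  return (
    '<div class="comment">' +
      '<span class="nick">' + escapeHtml(comment.nick) + '</span>' +
      '<p class="body">' + escapeHtml(comment.body) + '</p>' +
    '</div>'
  );
}

// Constructed sample: the first payload from the report used as a comment body.
const samplePayload = '<details open ontoggle=top[8680439..toString(30)](1);>';
const rendered = renderComment({ nick: 'guest', body: samplePayload });
console.log(rendered);
```

The same escaping must be applied on output wherever the comment is rendered; encoding on the client before submission does not help, since the report shows the request can be replayed with an unencoded body.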