Tweet
I received this message today from one of my forum members.
comments?
I'm an internally facing security architect for an Internet company, but I'm also a forum member.
While I was trying to post a message, I noticed that angle-brackets were not escaped in forum output, yielding an XSS Vulnerability.
If you compose a post containing: (LEFT_ANGLE_BRACKET)img src="/" onerror="alert(1)"(RIGHT_ANGLE_BRACKET) and then preview it, the javascript executes. You'll need to convert the brackets to actual brackets and remove the parentheses to try it out.
I did not (and will not) attempt to submit the test post, I just previewed it. If submitting the post works, this puts your users at risk.
I'm not looking for credit here, I just want to be safe while participating in the forums. I want my fellow users to be safe too.
comments?
I'm an internally facing security architect for an Internet company, but I'm also a forum member.
While I was trying to post a message, I noticed that angle-brackets were not escaped in forum output, yielding an XSS Vulnerability.
If you compose a post containing: (LEFT_ANGLE_BRACKET)img src="/" onerror="alert(1)"(RIGHT_ANGLE_BRACKET) and then preview it, the javascript executes. You'll need to convert the brackets to actual brackets and remove the parentheses to try it out.
I did not (and will not) attempt to submit the test post, I just previewed it. If submitting the post works, this puts your users at risk.
I'm not looking for credit here, I just want to be safe while participating in the forums. I want my fellow users to be safe too.
Comment