Gửi #50338: Unauthenticated Stored XSS in apinto-dashboard <= v1.1.0-beta via callback, usernamethông tin

tiêu đề	Unauthenticated Stored XSS in apinto-dashboard <= v1.1.0-beta via callback, username
Mô tả	# Get start repo: https://github.com/eolinker/apinto-dashboard 1,Download and unzip the installation package Apinto 2,Start gateway 3,Download and unzip the installation package Apinto Dashboard 4,Start Apinto Dashboard ```bash wget https://github.com/eolinker/apinto/releases/download/v0.8.0/apinto-v0.8.0.linux.x64.tar.gz && tar -zxvf apinto-v0.8.0.linux.x64.tar.gz && cd apinto ./apinto start cd .. wget https://github.com/eolinker/apinto-dashboard/releases/download/v1.1.0-beta/apinto-dashboard-v1.1.0-beta.linux.x64.tar.gz && tar -zxvf apinto-dashboard-v1.1.0-beta.linux.x64.tar.gz && cd apinto-dashboard ./apinto-dashboard ``` # Unauthenticated Stored XSS While user loging, the wrong user name and callback parameter will be recorded in the activity log, but the output parameters are not escaped correctly, external attacker can inject arbitrary js code. poc: open /login?callback=/<img src=1 onerror=alert(/2nd-xss/)> enter `<img src=1 onerror=alert(/1st-xss/)>` at the username ![](https://c2.im5i.com/2022/11/01/XrTL4.png) ![](https://c2.im5i.com/2022/11/01/XrXvW.png) then open /activity-log ![](https://c2.im5i.com/2022/11/01/Xrjjd.png) ![](https://c2.im5i.com/2022/11/01/XrHKR.png)
Người dùng	Tomy (UID 34751)
Đệ trình	01/11/2022 11:54 (cách đây 4 những năm)
Kiểm duyệt	01/11/2022 16:50 (5 hours later)
Trạng thái	được chấp nhận
Mục VulDB	212640 [eolinker apinto-dashboard /login callback Tập lệnh chéo trang]
điểm	17

◂ Trước Tổng Quan Tiếp theo ▸

Interested in the pricing of exploits?

See the underground prices here!