
xss and RCE vulnerabilities found

Pretty much all inputs are currently vulnerable; you should really audit a bit more before pushing updates. We will continue to fuzz it.

xss vuln

Hey, we did find some xss which can be triggered on various href

- Edit: we also found an RCE for Edge users; also can RCE Edge users with URIs like calculator://aaa yahoo.com one

another xss in user profile

Thanks for the report, I'm sure John "found" a fix ;-)

Hm... As a rule, XSS are possible. But I can't reproduce these. Please, provide some code samples. Post directly here - it is OK if the code is non-destructive.
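The reports above concern link targets: script running from an href, and custom URI schemes such as calculator://. As an added example (not part of the thread and not AsmBB's own code), this Python shows a server-side check for that class of bug: allowlist the scheme after normalising the URL the way a browser does, then escape the value for the attribute. The allowlist and the names safe_href and render_link are assumptions.

```python
import html
import re

# Assumption: user-supplied links only ever need these schemes.
ALLOWED_SCHEMES = {"http", "https", "mailto"}

_C0_AND_SPACE = "".join(chr(c) for c in range(0x21))
_TAB_NL = re.compile(r"[\t\n\r]")
_SCHEME = re.compile(r"([A-Za-z][A-Za-z0-9+.\-]*):")


def safe_href(raw):
    """Return a link target that is safe to emit, or None to drop the link."""
    # Browsers drop tab/CR/LF anywhere in a URL and strip leading/trailing
    # C0 controls and spaces before parsing, so normalise the same way
    # before looking at the scheme.
    url = _TAB_NL.sub("", raw).strip(_C0_AND_SPACE)
    m = _SCHEME.match(url)
    if m:
        # Explicit scheme: allowlist, never blocklist. This rejects script
        # schemes and OS-registered handlers (calculator://...) alike.
        return url if m.group(1).lower() in ALLOWED_SCHEMES else None
    # No scheme: accept only paths, fragments and queries.
    if url[:1] in ("/", "#", "?"):
        return url
    return None


def render_link(raw, text):
    """Render an <a> element, or only the escaped label if the URL is refused."""
    label = html.escape(text, quote=True)
    url = safe_href(raw)
    if url is None:
        return label
    # Escaping quotes stops the value from breaking out of the attribute.
    return '<a href="%s" rel="nofollow noopener">%s</a>' % (
        html.escape(url, quote=True), label)


if __name__ == "__main__":
    # Constructed sample inputs, not taken from the thread's screenshots.
    for sample in ("https://example.org/", "calculator://aaa",
                   " JaVa\tScRiPt:alert(1)", '/p" onmouseover="x'):
        print(repr(sample), "->", render_link(sample, "link"))
```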

AsmBB v2.7 (check-in: b1b34acbf71dada0); SQLite v3.30.0 (check-in: c20a353364320254);
