realdennis / md2pdf

Offline markdown to pdf, choose -> edit -> transform 🥂

Home Page: https://md2pdf.netlify.com/


XSS Vulnerability

S1lkys opened this issue · comments

commented

Supplying the following Code on https://md2pdf.netlify.app/ results in JS execution

### XSS PoC
<!-- markdownlint-disable MD038-->
- `<Img src = x onerror = "javascript: window.onerror = alert(document.domain); throw XSS">`

I don't think an attacker could use this payload to attack other users.

There's no server-side storage, so we don't do any sanitizing, and we also don't do any URL parsing logic to update the DOM. Could you leave more info if you have some findings about it?

commented

It's not about the payload but that you can execute any JS you want. E.g. I could easily create a phishing page via this injection.

commented

Just thought I'd inform you about that. It's not very critical as it's self-XSS. You may close it if you want to ^^

Did not do any sanitizing since it's a local/non-stored editor (e.g. you can run or hot-reload the HTML preview in the editor; would you think that's XSS?). Your payload and result are really expected to me, see https://github.com/realdennis/md2pdf#whats-special

> I could easily create a phishing page via this injection

In this case, you can only phish yourself, I think.
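Since the thread turns on whether the preview needs a sanitizer, here is an added example (not md2pdf's code, and not a change the maintainer proposed) of the kind of allowlist sanitizer a markdown preview would run over the renderer's HTML before inserting it into the DOM. It is written as a plain Node script so it can be exercised without a browser; the tag and attribute allowlists, the function names and the scheme list are assumptions for illustration, and a real application should use a maintained library such as DOMPurify instead. The point it shows is why the reported payload is spelled the way it is: the `Img` capitalisation and the spaces around `=` defeat a literal string match, but an attribute-level allowlist drops the `onerror` handler however the tag is written.

```javascript
'use strict';

// Added example, not md2pdf's code: an allowlist sanitizer for the HTML a
// markdown renderer emits, applied before the string reaches the DOM. The
// allowlists are assumptions for illustration; real apps should use DOMPurify.
const ALLOWED_TAGS = new Set(['a', 'p', 'br', 'img', 'ul', 'ol', 'li', 'h1',
  'h2', 'h3', 'pre', 'code', 'em', 'strong', 'blockquote']);
const ALLOWED_ATTRS = { a: new Set(['href', 'title']), img: new Set(['src', 'alt', 'title']) };
const URL_ATTRS = new Set(['href', 'src']);

// Undo the entity forms browsers decode before URL parsing (e.g. &#106; -> j).
function decodeEntities(s) {
  const cp = (n) => (n <= 0x10ffff ? String.fromCodePoint(n) : '');
  return s
    .replace(/&#x([0-9a-f]+);?/gi, (_, h) => cp(parseInt(h, 16)))
    .replace(/&#(\d+);?/g, (_, d) => cp(parseInt(d, 10)))
    .replace(/&colon;/gi, ':');
}

// Browsers strip tabs, newlines and leading controls, so "java\tscript:" is
// still a javascript: URL. Only a short scheme allowlist is let through.
function isSafeUrl(raw) {
  const v = decodeEntities(raw).replace(/[\u0000-\u0020]+/g, '');
  const m = v.match(/^([a-z][a-z0-9+.-]*):/i);
  return !m || ['http', 'https', 'mailto'].includes(m[1].toLowerCase());
}

// Tokenise one tag at src[i] === '<' the lenient way the HTML parser does:
// case-insensitive name, whitespace around '=', quoted or bare values.
// Returns null when this '<' does not start a complete tag.
function parseTag(src, i) {
  let j = i + 1, close = false;
  if (src[j] === '/') { close = true; j++; }
  const nameStart = j;
  while (j < src.length && /[A-Za-z0-9]/.test(src[j])) j++;
  if (j === nameStart) return null;
  const name = src.slice(nameStart, j).toLowerCase();
  const attrs = [];
  while (j < src.length) {
    while (j < src.length && /\s/.test(src[j])) j++;
    if (src[j] === '>') return { end: j + 1, close, name, attrs };
    const aStart = j;
    while (j < src.length && !/[\s=>/]/.test(src[j])) j++;
    if (j === aStart) { j++; continue; } // stray '=' or '/'
    const attrName = src.slice(aStart, j).toLowerCase();
    let value = '';
    while (j < src.length && /\s/.test(src[j])) j++;
    if (src[j] === '=') {
      j++;
      while (j < src.length && /\s/.test(src[j])) j++;
      const q = src[j];
      if (q === '"' || q === "'") {
        const vEnd = src.indexOf(q, j + 1);
        if (vEnd === -1) return null;
        value = src.slice(j + 1, vEnd);
        j = vEnd + 1;
      } else {
        const vStart = j;
        while (j < src.length && !/[\s>]/.test(src[j])) j++;
        value = src.slice(vStart, j);
      }
    }
    attrs.push([attrName, value]);
  }
  return null; // unterminated tag
}

// Rebuild the document keeping only allowlisted tags and attributes. Every
// on* handler is dropped because no handler is on any allowlist.
function sanitizeHtml(html) {
  let out = '', i = 0;
  while (i < html.length) {
    const lt = html.indexOf('<', i);
    if (lt === -1) { out += html.slice(i); break; }
    out += html.slice(i, lt);
    if (html.startsWith('<!--', lt)) { // drop comments entirely
      const end = html.indexOf('-->', lt + 4);
      i = end === -1 ? html.length : end + 3;
      continue;
    }
    const tag = parseTag(html, lt);
    if (!tag) { out += '&lt;'; i = lt + 1; continue; } // literal '<'
    i = tag.end;
    if (!ALLOWED_TAGS.has(tag.name)) continue; // drop tag, keep its text
    if (tag.close) { out += `</${tag.name}>`; continue; }
    const allowed = ALLOWED_ATTRS[tag.name] || new Set();
    const kept = [];
    for (const [name, value] of tag.attrs) {
      if (!allowed.has(name)) continue;
      if (URL_ATTRS.has(name) && !isSafeUrl(value)) continue;
      kept.push(`${name}="${value.replace(/"/g, '&quot;').replace(/</g, '&lt;')}"`);
    }
    out += `<${tag.name}${kept.length ? ' ' + kept.join(' ') : ''}>`;
  }
  return out;
}

// The payload from the report, constructed here as a test input.
const POC = '<Img src = x onerror = "javascript: window.onerror = alert(document.domain); throw XSS">';
```

Passing the reported payload through `sanitizeHtml(POC)` yields `<img src="x">`: the handler is gone and the harmless `src` survives. The same allowlist also covers `javascript:` URLs in `href` and `src`, including entity-encoded and tab-split spellings that the HTML parser normalises before following the link. It does not handle every entity form or CSS, which is one reason to prefer a maintained sanitizer, and it only matters if the preview ever renders markdown written by someone else, which in this thread the maintainer considers out of scope for a local editor.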