bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/php/webapps/36463.txt
Offensive Security 36c084c351 DB: 2021-09-03 
45419 changes to exploits/shellcodes

2 new exploits/shellcodes

Too many to list!
2021-09-03 13:39:06 +00:00

27 lines
No EOL
1 KiB
Text
Raw Blame History

# Exploit Title: Persistent XSS via Markdown on Telescope <= 0.9.2
# Date: Aug 22 2014
# Exploit Author: shubs
# Vendor Homepage: http://www.telescopeapp.org/
# Software Link: https://github.com/TelescopeJS/Telescope
# Version: <= 0.9.2
# CVE : CVE-2014-5144
Telescope 0.9.2 and below suffer from a persistent cross site scripting
vulnerability due to the lack of input sanitisation and validation
performed when parsing markdown user input. An authenticated user can
include links, images, code blocks and more through markdown, in the form
of comments, posts or replies and more.
As an example, the following vectors below can be used in comments, posts
or replies to trigger the XSS:
[notmalicious](javascript:window.onerror=alert;throw%20document.cookie)
[a](data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K)
Once posted as comments, the above markdown is converted to links without
any sanitisation. When such links are clicked, the vector is executed
successfully.
Screenshots:
http://i.imgur.com/6SQgUYd.png
http://i.imgur.com/6VeZasj.png
Reference in a new issue View git blame Copy permalink