q2785031 / shellinabox

Automatically exported from code.google.com/p/shellinabox

XSS vulnerability on linkifyURLs = 2 #144

Open GoogleCodeExporter opened 8 years ago

GoogleCodeExporter commented 8 years ago
using: http://shellinabox.googlecode.com/svn/trunk/demo/demo.html

but with linkifyURLs = 2 (instead of 1), print:

print "javascript:'@1.3.3.7/http://',alert(1);" 

It will create a link that, when clicked, will execute an alert.

Original issue reported on code.google.com by evn@google.com on 6 Oct 2011 at 7:18

GoogleCodeExporter commented 8 years ago
I meant:

print "javascript:'@1.3.3.7/http://',alert(1);"

Original comment by evn@google.com on 6 Oct 2011 at 7:24

GoogleCodeExporter commented 8 years ago
Ugh, Google Code is eating my quotes. There should be a quote after the ;

Original comment by evn@google.com on 6 Oct 2011 at 7:25
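
Added example, not part of the original issue thread and not shellinabox code: one way a linkifier can avoid the behaviour reported above is to parse each candidate token and emit an anchor only when its scheme is on an allowlist, HTML-escaping everything it outputs. The function names, the whitespace tokenization and the allowed-scheme set are assumptions made for illustration; the sample input is the string from the report.

```javascript
// Schemes that may become clickable links (assumed policy for this example).
const ALLOWED_SCHEMES = new Set(["http:", "https:", "ftp:"]);

// Escape text before placing it in HTML content or a quoted attribute.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

// Return a normalized href when the token is an absolute URL with an
// allowed scheme, otherwise null. The decision uses the parsed scheme of
// the whole token, so "http://" appearing later in the string is ignored.
function safeHref(token) {
  let url;
  try {
    url = new URL(token);
  } catch (e) {
    return null; // not an absolute URL at all
  }
  // url.protocol is lowercased by the parser, so mixed case cannot bypass this.
  return ALLOWED_SCHEMES.has(url.protocol) ? url.href : null;
}

// Linkify one line of terminal output, token by token.
function linkifyLine(line) {
  return line
    .split(/(\s+)/) // keep the whitespace separators in the output
    .map((tok) => {
      const href = safeHref(tok);
      const text = escapeHtml(tok);
      return href
        ? `<a href="${escapeHtml(href)}" rel="noopener noreferrer">${text}</a>`
        : text;
    })
    .join("");
}

// String from the report above: parsed scheme is "javascript:", so no link.
const reported = "javascript:'@1.3.3.7/http://',alert(1);";
console.log(linkifyLine(reported));
console.log(linkifyLine("see http://example.com/a?b=1&c=2 now"));
```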