qyqx / shellinabox

Automatically exported from code.google.com/p/shellinabox
Other
0 stars 0 forks source link

XSS vulnerability in openPrinterWindow #146

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
if the location of the shell is:
http://www.victim.com/path/to/vt100.html;"><script>alert(1)</script>

Then when you call openPrinterWindow (defined in vt100.js) it will trigger an 
XSS vulnerability.

The reason is because location.pathname doesn't escape double quotes in opera.

Original issue reported on code.google.com by evn@google.com on 12 Oct 2011 at 6:36

GoogleCodeExporter commented 9 years ago
"\"><script>var x = prompt;x(0);x(/XSS/.source);x(0);;x(1);</script><'>" 

Original comment by DannyRam...@gmail.com on 4 Jan 2014 at 6:22