[tor-bugs] #28681 [- Select a component]: reflected XSS metrics.torproject.org
Tor Bug Tracker & Wiki
blackhole at torproject.org
Sun Dec 2 07:41:05 UTC 2018
#28681: reflected XSS metrics.torproject.org
-------------------------------------+-------------------------------------
 Reporter: 0x539h                    | Owner: (none)
 Type: defect                        | Status: new
 Priority: High                      | Component: - Select a component
 Version: sbws: unspecified          | Severity: Major
 Keywords: xss, cross-site scripting | Actual Points:
 Parent ID:                          | Points:
 Reviewer:                           | Sponsor: Sponsor2
-------------------------------------+-------------------------------------
Hello! I have found a reflected XSS vulnerability on a subdomain of
torproject.
You should fix it :) A screenshot with an easy exploit is attached to the ticket.
If it is possible, I will be proud to get one more sticker pack ^^ .
{{{
https://metrics.torproject.org/rs.html#search/1337%22%3E%3Cimg%20src=x%20onerror=alert(1)%3E
}}}
The vector is:
**"><img src=x onerror=alert(1)>**
P0W3RING D1G1T4L R3S1S74NC3!
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/28681>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
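
The following is an added example, not part of the ticket and not code from metrics.torproject.org. It takes the fragment from the reported URL and shows why the leading `">` matters, and how escaping for the attribute context neutralizes it. The sink (an `<input>` value attribute) and all function names are assumptions, since the ticket does not show the page's real code.

```javascript
// Added illustration; not code from metrics.torproject.org.
// Assumption: the page reads the search term from the fragment
// ("#search/<term>") and places it into an HTML attribute.
// The ticket does not show the real sink.

// Extract and percent-decode the term from a fragment such as "#search/1337".
function searchTermFromHash(hash) {
  const prefix = "#search/";
  if (!hash.startsWith(prefix)) return null;
  try {
    return decodeURIComponent(hash.slice(prefix.length));
  } catch (e) {
    return null; // malformed percent-encoding: treat as "no query"
  }
}

// Escape the characters that are significant in HTML text and attribute values.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

// Vulnerable pattern (hypothetical): raw term concatenated into markup.
function renderUnsafe(term) {
  return '<input id="query" value="' + term + '">';
}

// Hardened pattern: same markup, term escaped for the attribute context.
function renderSafe(term) {
  return '<input id="query" value="' + escapeHtml(term) + '">';
}

// Fragment copied from the URL in the ticket.
const reportedHash = "#search/1337%22%3E%3Cimg%20src=x%20onerror=alert(1)%3E";
const term = searchTermFromHash(reportedHash);

console.log(renderUnsafe(term)); // value attribute closes early, an <img> element follows
console.log(renderSafe(term));   // whole term stays inside the value attribute as text
```

In a browser, assigning the decoded term through DOM properties such as `textContent` or `input.value` avoids HTML parsing of the term altogether.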