Slack: XSS in gist integration

2014-05-06T18:21:27
ID H1:11073
Type hackerone
Reporter zemnmez
Modified 2019-04-28T00:11:34

Description

  1. Create a gist called: "><svg onload=alert(1)>
  2. Have gist integration enabled and put a link in a Slack chat
  3. Visit the 'raw' or 'new window' pages for this gist, for example: https://outpost.slack.com/files/zemnmez/F029MDY33/svgonload_alert_1
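
The following is an added example, not part of the original report and not Slack's code. The report does not say where the gist name is rendered, so this sketch assumes it is concatenated into an HTML attribute and a text node on the file page, and shows that pattern beside an output-encoded version. The function names and markup are hypothetical.

```javascript
// Constructed sample input: the gist name from step 1 of the report.
const gistName = '"><svg onload=alert(1)>';

// Assumed vulnerable pattern: a name fetched from a third-party integration
// is concatenated straight into markup, in both attribute and text context.
function renderFileTitleUnsafe(name) {
  return '<a class="file_title" title="' + name + '">' + name + '</a>';
}

// Encode the five characters that can change HTML parsing context.
// Encoding the double quote is what stops the attribute breakout.
const HTML_ESCAPES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#39;',
};

function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Hardened version: the same template, with the name encoded at output time.
function renderFileTitleSafe(name) {
  const safe = escapeHtml(name);
  return '<a class="file_title" title="' + safe + '">' + safe + '</a>';
}

// Regression check: count element start tags in the rendered fragment.
// The template itself contributes exactly one (<a>), so any higher count
// means data was parsed as markup.
function countStartTags(html) {
  return (html.match(/<[a-zA-Z][^>]*>/g) || []).length;
}

console.log('unsafe start tags:', countStartTags(renderFileTitleUnsafe(gistName)));
console.log('safe start tags:  ', countStartTags(renderFileTitleSafe(gistName)));
console.log(renderFileTitleSafe(gistName));
```

The same encoding has to be applied on every page that shows the name; the report names the 'raw' and 'new window' views specifically.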