Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
hackeroneLuigigubelloH1:333507
HistoryApr 04, 2018 - 6:48 p.m.

Discourse: Stored XSS in "post last edited" option

2018-04-0418:48:34
luigigubello
hackerone.com
$256
16
JSON
  1. There are two users: Attacker andVictim.
  2. Attacker starts a private talk via private message with theVictim.
  3. Attacker send a message toVictim, then he edits it or deletes it.
  4. Victim sees the yellow pencil, symbol of the edit.
  5. Victim clicks on yellow pencil to see the edit and the XSS runs.

Other info: the XSS also runs on topic (video PoC #2). You can find my XSS message on this URL:
https://try.discourse.org/t/recommended-reading-for-community-and-foss-enthusiasts/278
It is very dangerous because it can hit many users at the same time.

Impact

XSS can use to steal cookies, password or to run arbitrary code on victim’s browser

The hacker selected the Cross-site Scripting (XSS) - Stored weakness. This vulnerability type requires contextual information from the hacker. They provided the following answers:

URL
https://try.discourse.org/t/recommended-reading-for-community-and-foss-enthusiasts/278

Verified
Yes

JSON