Zendesk: Content Spoofing

2015-09-28T13:16:01
ID H1:90753
Type hackerone
Reporter girish_s_pattanashetty
Modified 2015-11-02T22:43:27

Description

Content spoofing, also referred to as content injection or virtual defacement, is an attack targeting a user made possible by an injection vulnerability in a web application.

It display the same as its entered. The crafted Thing will make the user to access or capy paste the malacious site and later it will return back to zendesk.

Possible Fix: URL Encode spaces to %20 which will convert spoofing content look like link