Lucene search

K
huntrJustinp09010708B798D-F410-46CE-A8BA-A08357198366
HistoryMay 11, 2022 - 10:22 a.m.

Stored XSS in application name.

2022-05-1110:22:09
justinp09010
www.huntr.dev
9

Description

Hi there, there is a stored XSS in Oauth application name.

Proof of Concept

  1. Install a local instance of Autolab.
  2. Go to /oauth/applications and create a new application with name <img src>.
  3. Click on Authorize and see that a pop up appears with user’s cookies.

Link to POC https://drive.google.com/file/d/1r4bwjW803k_8RhNXAyRZK6Qa6hU6W9cS/view?usp=sharing