JoaovitormaiaFDED4835-BD49-4533-8311-1D71E0ED7C00Stored XSS on drawio
EPSS
Percentile
21.4%
Sumary
Draw io has a feature to put links on a text, due to a bad sanitization it allows to put javascript:// scheme on a anchor tag which allows to execute javascript code
Steps to reproduce
- Create a text box and set word size to 50
- Click with the rigth button and “Edit link”
- Put asdf://test.com
- Click with the rigth button again and “Edit data”
- On the “link” attribute put javascript:javascript://%0aalert(document.domain)
- Export the page as URL
- Click on the link
References
viewer.diagrams.net/?tags=%7B%7D&highlight=0000ff&edit=_blank&layers=1&nav=1&title=xss.drawio#RdZNdb9sgFIZ%2FjaXtopUDTdZdxkmbatI2TVnVa2qoTQscD%2BPa6a%2FfIYA%2F1lWyZHjOy%2FnikNGdHg6WNfV34EJlJOdDRvcZIasrQjL%2F5fwUCF1HUFnJo2gCR%2FkmIswj7SQX7ULoAJSTzRKWYIwo3YIxa6Ffyp5ALaM2rBLvwLFk6j19kNzVgV6TLxO%2FE7KqU%2BTV5muwaJbEsZK2Zhz6GaI3Gd1ZABdWetgJ5ZuX%2BhLO3X5gHROzwrj%2FHLhvhf35%2BOx7QnLFHvFezqKMbBTqiycw3tK6Uyx186eDZLhozxexRcE6b%2FAyi8mOq8r%2Ff4vBJWcYNfgLppCakuYlxHxmr6wtrWzQuF1sfLr%2BW%2BcMW27dJw5lp7GiSw6aSfM5uEpFr39ct923fP9r%2F3ab3w2H432nL1ZjM8cmTVUR59OkRe20b8AKl62z8CJ2oMAiMWCEr1oq9Q9iSlYGtyWmI5AXr5igxNHYRoOWnPswRV9LJ44NK33MHh8CMgud4cLnnY8d8Q7E8OH9zQs5CNDC2RNK4gFK4yDFl0Q2cd9Pc5lQPRvJdIzFl1CNnqdhwUXsXdrOxiehaVTP8tmDpzd%2FAQ%3D%3D
youtu.be/RHevZOx1nhc
Related
