Please log in to bookmark issues
#2886 –
Investigating
Description
Users with the privilege to post comments can store malicious code in the database or any other persistent media, by entering JavaScript code in the “Post Comment” field located inside all the reported issues. The inserted code will be executed every time the data is retrieved by another user.
How to reproduce
- Look for any issue and open it.
- Click on the “Post comment” button.
- In the “COMMENT” filed, type the following: ">
; check the “SAVE MY CHANGES WITH THIS COMMENT” option and click on the “Create comment” button.
- As you can see, the injected script is executed, displaying an external site.
- Back to the issue where the comment was added and refresh the page to make sure the scrips is persistent.
- Finally, the script is executed again, as a proof that it has been saved in the application’s database.
Attachments0
Important details
Times and dates
-
Estimated time No time estimated
People involved
-
thnguyen
-
-
zegenie
- Subscribers 1 Click here to show the list of subscribers
Other details
-
-
-
Not determined
Post a comment and get things done
open('https://owasp.org')">;
This issue only exists if the comment uses markdown syntax.