Arknights Stored XSS

2020.09.06
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

Nickname: 5TUP1D-BOY Team: Garuda Security Hacker Vendor: yo-star.com Url Site: arknights.global Is Very simple You must login with your arknights account And go to https://www.arknights.global/dormdesigncontest/ Pick 1 Post All Post Vulnerable Stored XSS I pick https://www.arknights.global/dormdesigncontest/watch?worksid=5f225c2a81e59974c08eca74 And Let's Comment On Thats Post With Payloads. I use <script>alert(1)</script> Is Very Simple Payload. And Boom You Can See Thats Page Is Vulnerable Stored XSS Example:https://www.arknights.global/dormdesigncontest/watch?worksid=5f225c2a81e59974c08eca74


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2020, cxsecurity.com

 

Back to Top