Arknights Stored XSS

2020.09.06

Garuda Security Hacker (ID)

Risk: Low

Local: No

Remote: Yes

CVE: N/A

CWE: N/A

Nickname: 5TUP1D-BOY
Team: Garuda Security Hacker
Vendor: yo-star.com
Url Site: arknights.global

Is Very simple

You must login with your arknights account
And go to https://www.arknights.global/dormdesigncontest/
Pick 1 Post All Post Vulnerable Stored XSS

I pick https://www.arknights.global/dormdesigncontest/watch?worksid=5f225c2a81e59974c08eca74
And Let's Comment On Thats Post With Payloads. I use <script>alert(1)</script>
Is Very Simple Payload.

And Boom You Can See Thats Page Is Vulnerable Stored XSS

Example:https://www.arknights.global/dormdesigncontest/watch?worksid=5f225c2a81e59974c08eca74

See this note in RAW Version

Vote for this issue:

100%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Arknights Stored XSS

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.