Closed Bug 936821 Opened 11 years ago Closed 11 years ago

XSS in popcorn.webmaker.org

Tracking

(Not tracked)

Status:

RESOLVED DUPLICATE of bug 866026

People

(Reporter: chawla, Unassigned)

Details

(Whiteboard: [site:popcorn.webmaker.org][reporter-external])

Attachments

(1 file)

popcorn1.png 11 years ago chawla 170.33 KB, image/png		Details

chawla

Reporter

Description

•

11 years ago

Attached image popcorn1.png — Details

User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/30.0.1599.101 Safari/537.36

Steps to reproduce:

i created a project and added events in it.when we add xss vector in text , popup ,wikipedia etc. , XSS executes after adding these vectors.

Vectors used by me are:
<img src=x onerror=prompt(1)>
<iframe src='javascript:prompt(/XSS/);'>

Here is the video link for POC:
https://www.dropbox.com/s/al57sz4pofv0whc/webmaker.org.avi





Actual results:

payload i entered executes on creating project>>events


Expected results:

Actually it shouldn't exceute,it have to show just output project part.

Curtis Koenig [:curtisk-use curtis.koenig+bzATgmail.com]]

Updated

•

11 years ago

Status: UNCONFIRMED → RESOLVED

Closed: 11 years ago

Resolution: --- → DUPLICATE

Curtis Koenig [:curtisk-use curtis.koenig+bzATgmail.com]]

Updated

•

11 years ago

Flags: sec-bounty-

Whiteboard: [site:popcorn.webmaker.org][reporter-external]

Daniel Veditz [:dveditz]

Updated

•

10 years ago

Group: websites-security

You need to log in before you can comment on or make changes to this bug.

Bugzilla

Quick Search

XSS in popcorn.webmaker.org

Categories

(Webmaker Graveyard :: webmaker.org, defect)

Tracking

(Not tracked)

People

(Reporter: chawla, Unassigned)

References

Details

(Whiteboard: [site:popcorn.webmaker.org][reporter-external])

Crash Data

Security

(public)

User Story

Attachments

(1 file)

Description

Updated

Updated

Updated

Attachment

General

Description

File Name

Content Type