the original cloud security

Codiad 2.0.7 Cross Site Scripting

Codiad 2.0.7 Cross Site Scripting
Posted Dec 20, 2013
Authored by Project Zero Labs

Codiad version 2.0.7 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
MD5 | 5b94f29704d77d275245e1abac40eab2

Codiad 2.0.7 Cross Site Scripting

Change Mirror Download
# Exploit Title: Codiad - Stored (Persistent) Cross Site Scripting Vulnerability
# Date: 02/12/2013
# Exploit Author: Project Zero Labs
# Vendor Homepage: http://www.codiad.com
# Software Link: https://github.com/Codiad/Codiad
# Version: v.2.0.7
# Tested on: Kali Linux / Iceweasel v.22

About the software:
===================

Codiad is a web-based IDE framework with a small footprint and minimal requirements.
Demo: http://demo.codiad.com/


Vulnerability Details:
======================

Project Zero Labs identified a stored (persistent) cross site scripting vulnerability in the
"Project Name" field. For example if we put: <script>alert("XSS Found!");</script>
as the project name a popup alert will appear every time we trigger the Project Menu or
the Codiad loads the Project.

An attacker can inject malicious code that will be executed on the victim's browser.

The vulnerability has already reported to the development team via GitHub.


Report & Proof Of Concept:
==========================

A detailed report with screenshots as Proof Of Concept can be found in the software's bug tracker (Github):

https://github.com/Codiad/Codiad/issues/584


Payload:
========

<script>alert("XSS Found!");</script>


Severity:
=========
Medium


Credits:
========

Project Zero Labs

labs@projectzero.gr
http://www.projectzero.gr

Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

July 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    2 Files
  • 2
    Jul 2nd
    3 Files
  • 3
    Jul 3rd
    15 Files
  • 4
    Jul 4th
    4 Files
  • 5
    Jul 5th
    15 Files
  • 6
    Jul 6th
    15 Files
  • 7
    Jul 7th
    10 Files
  • 8
    Jul 8th
    2 Files
  • 9
    Jul 9th
    10 Files
  • 10
    Jul 10th
    15 Files
  • 11
    Jul 11th
    15 Files
  • 12
    Jul 12th
    19 Files
  • 13
    Jul 13th
    16 Files
  • 14
    Jul 14th
    15 Files
  • 15
    Jul 15th
    3 Files
  • 16
    Jul 16th
    2 Files
  • 17
    Jul 17th
    8 Files
  • 18
    Jul 18th
    11 Files
  • 19
    Jul 19th
    15 Files
  • 20
    Jul 20th
    15 Files
  • 21
    Jul 21st
    15 Files
  • 22
    Jul 22nd
    7 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close