Cross-site Scripting (XSS) - Generic in rilyzhang/dy-server
Valid
Reported on
Feb 6th 2021
Description
Cross Site Scripting
in dy-server2
Proof of Concept
- Install package from npm: npm i -g dy-server2
- Create folder or file with name:
<img src=x onerror=alert(1)>
- Start server: dy-server2 -p 8888
- Open website and the code will execute
to join this conversation