Cross-site Scripting (XSS) - Stored in chocobozzz/peertube
Sep 7th 2021
🕵️♂️ Proof of Concept
https://interact.projectdiscovery.io/ and receive a url and replace it with
image.SVG file somewhere on website like NEW CHANNEL section and copy the link of SVG image after upload that already should be like this:
3.Open the URL and you can see the user main access key( just for test I show one of the main local storage keys) and also you can see that in
https://interact.projectdiscovery.io/ we receive some ping from
This vulnerability is capable of take control of user accounts.