Cross-site Scripting (XSS) - Stored in yogeshojha/rengine
Aug 27th 2021
When an XSS payload is used as the name of a gf pattern, it executes.
🕵️♂️ Proof of Concept
- Name a file <img src=x onerror=alert(document.domain)>.json
- Import the file as a gf pattern at https://127.0.0.1/scanEngine/tool_settings
- Click on the uploaded gf pattern.
The impact is the same as that of any other stored XSS vulnerability, but exploitation is less likely.
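One way to close this class of bug, shown as an added example that is not reNgine's own code: reject unsafe pattern filenames at upload time and escape the name again when it is written into HTML. The function names and the allowed-character policy are assumptions made for illustration.

```python
import html
import re

# Assumed policy (not from the project): a pattern name is 1-64 characters
# of letters, digits, underscore or hyphen.
_NAME_RE = re.compile(r"[A-Za-z0-9_-]{1,64}")


def validate_pattern_filename(filename: str) -> str:
    """Return the pattern name (file stem) or raise ValueError."""
    # Discard any client-supplied directory part, for either separator.
    base = filename.replace("\\", "/").rsplit("/", 1)[-1]
    stem, dot, ext = base.rpartition(".")
    if not dot or ext.lower() != "json":
        raise ValueError("gf patterns must be .json files")
    if not _NAME_RE.fullmatch(stem):
        raise ValueError("pattern name contains disallowed characters")
    return stem


def render_pattern_item(name: str) -> str:
    """Build list markup with the name escaped for text and attribute use.

    Defence in depth: names stored before validation existed, or written
    by another code path, are still rendered inert.
    """
    safe = html.escape(name, quote=True)
    return f'<li><a href="#" data-pattern="{safe}">{safe}</a></li>'


if __name__ == "__main__":
    # The first filename is the one from the report; the rest are constructed.
    samples = [
        "<img src=x onerror=alert(document.domain)>.json",
        "debug-logic.json",
        "notes.txt",
    ]
    for sample in samples:
        try:
            print("accepted:", validate_pattern_filename(sample))
        except ValueError as exc:
            print("rejected:", repr(sample), "-", exc)
    # Output encoding alone neutralises the markup if validation is bypassed.
    print(render_pattern_item(samples[0][:-5]))
```

Validation stops new malicious names from being stored, while the output escaping covers names that are already in the database.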