esoTalk topic XSS vulnerability
Closed this issue · 1 comments
evi1m0 commented
andrewks777 commented
Fix:
https://github.com/esotalk/esoTalk/blob/develop/core/lib/ETFormat.class.php
public function formatLink($url, $text = null)
{
	if ($text === null) $text = $url;
	// Escape both values before they are used in the link markup.
	$url = sanitizeHTML($url);
	$text = sanitizeHTML($text);
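
What the two escaping calls in the fix above change, as an added example that is not esoTalk's code and not part of either comment. The function names, the anchor template and `escape_html()` (a stand-in for `sanitizeHTML()`, assumed here to behave like `htmlspecialchars` with `ENT_QUOTES`) are assumptions, and the sample input is constructed.

```php
<?php
// Added example, not esoTalk code. escape_html() stands in for the
// sanitizeHTML() call in the fix; the anchor template is an assumption.

function escape_html(string $value): string
{
    // ENT_QUOTES encodes ' and " as well as < > &, which is what keeps a
    // value inside a quoted attribute.
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

// "Before": values are concatenated into the markup unchanged.
function format_link_unescaped(string $url, ?string $text = null): string
{
    if ($text === null) $text = $url;
    return "<a href='" . $url . "'>" . $text . "</a>";
}

// "After": both values are escaped first, as in the fix above.
function format_link_escaped(string $url, ?string $text = null): string
{
    if ($text === null) $text = $url;
    return "<a href='" . escape_html($url) . "'>" . escape_html($text) . "</a>";
}

// Report what a browser would see: the href value as delimited by the
// single quotes, and whether the link text stayed plain text.
function inspect_link(string $html, string $url, string $text): array
{
    preg_match("/href='([^']*)'/", $html, $m);
    $href = html_entity_decode($m[1] ?? '', ENT_QUOTES, 'UTF-8');
    $body = substr($html, strpos($html, '>') + 1, -strlen('</a>'));
    return [
        'href_intact'  => $href === $url,
        'text_is_data' => html_entity_decode($body, ENT_QUOTES, 'UTF-8') === $text
                          && strpos($body, '<') === false,
    ];
}

// Constructed sample input: a quote in the URL and a tag in the link text.
$url  = "http://example.com/?a='b";
$text = "<b>topic</b>";

foreach (['format_link_unescaped', 'format_link_escaped'] as $fn) {
    $html = $fn($url, $text);
    echo $fn, "\n  ", $html, "\n  ", json_encode(inspect_link($html, $url, $text)), "\n";
}
```

Both checks come back false for the unescaped version, because the quote ends the `href` value early and the link text is emitted as markup; both are true for the escaped one.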