SXSS Demo Application

This is a demo application that demonstrates proper sanitization of raw HTML entered via a rich text editor. It serves the same stored post through two pages, one sanitized and one not, so the effect of sanitization on a stored XSS (SXSS) payload can be compared directly.

Running the application

  1. Install Node v20.
  2. Run npm ci.
  3. Run node app.js.
  4. Visit http://localhost:3000/sanitized.html to test the sanitized output.
  5. Visit http://localhost:3000/unsanitized.html to test the unsanitized output.

Exploiting the vulnerability

  1. Run the following curl command:

    curl --request POST \
    --url http://localhost:3000/unsanitzed \
    --header 'Content-Type: application/json' \
    --data '{
    "richText": "<img src='\''x'\'' onerror='\''alert(1)'\''>"
    }'
  2. After running the command, copy the id that was returned and paste it into the post query parameter of the unsanitized.html URL:

    http://localhost:3000/unsanitized.html?post=your-id-goes-here

    You should see an alert popup appear. This verifies that the stored payload ran and that you have exploited the SXSS vulnerability.

  3. Repeat step 2, this time using the sanitized URL:

    http://localhost:3000/sanitized.html?post=your-id-goes-here

    You should no longer see the alert popup. This verifies that the injected JavaScript has been sanitized.
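The README does not show how the sanitized page strips the payload, so the following is an added, illustrative allowlist sanitizer for rich-text HTML. It is not the demo project's own code (the element and attribute allowlists, the scheme allowlist and the function names are assumptions chosen for the example). It keeps a small set of formatting elements, drops every attribute that is not explicitly allowed (which is what removes the onerror handler from the README's curl payload), and rejects URL attributes whose scheme is not allowlisted, decoding entities first so that an encoded "javascript:" is caught as well.

```javascript
// Added, illustrative allowlist sanitizer for rich-text HTML. Not the demo
// project's own code; a real deployment should use a maintained library such
// as DOMPurify or sanitize-html, which also model browser parsing quirks that
// this toy tokenizer does not.

const ALLOWED_TAGS = new Set(["p", "br", "b", "i", "em", "strong", "u", "ul", "ol", "li", "a", "img"]);
const VOID_TAGS = new Set(["br", "img"]);
const ALLOWED_ATTRS = { a: new Set(["href", "title"]), img: new Set(["src", "alt"]) };
const URL_ATTRS = new Set(["href", "src"]);
const SAFE_SCHEMES = new Set(["http", "https", "mailto"]);

// Tags and comments are the only markup interpreted; anything else is text.
const TAG_RE = /<!--[\s\S]*?-->|<\/?([a-zA-Z][a-zA-Z0-9]*)\b([^>]*)>/g;
const ATTR_RE = /([^\s=\/>]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+)))?/g;

// Decode common entities so the checks below see the value a browser would.
function decodeEntities(s) {
  const named = { amp: "&", lt: "<", gt: ">", quot: '"', apos: "'" };
  return s.replace(/&(#x[0-9a-f]+|#[0-9]+|amp|lt|gt|quot|apos);/gi, (m, e) => {
    const l = e.toLowerCase();
    if (l[0] !== "#") return named[l];
    const code = l[1] === "x" ? parseInt(l.slice(2), 16) : parseInt(l.slice(1), 10);
    return code <= 0x10ffff ? String.fromCodePoint(code) : m;
  });
}

function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

// Relative URLs and allowlisted schemes only. Browsers ignore the control
// characters stripped here, so "jav\tascript:" must be rejected as well.
function isSafeUrl(value) {
  const v = value.replace(/[\u0000-\u0020\u007f]/g, "").toLowerCase();
  const scheme = v.match(/^([a-z][a-z0-9+.-]*):/);
  return scheme === null || SAFE_SCHEMES.has(scheme[1]);
}

function sanitizeAttributes(tag, rawAttrs) {
  const allowed = ALLOWED_ATTRS[tag] || new Set();
  let out = "";
  for (const a of rawAttrs.matchAll(ATTR_RE)) {
    const name = a[1].toLowerCase();
    if (!allowed.has(name)) continue;                 // drops onerror, onclick, style, ...
    const value = decodeEntities(a[2] ?? a[3] ?? a[4] ?? "");
    if (URL_ATTRS.has(name) && !isSafeUrl(value)) continue;
    out += ` ${name}="${escapeHtml(value)}"`;
  }
  return out;
}

function sanitizeRichText(html) {
  let out = "";
  let last = 0;
  TAG_RE.lastIndex = 0;
  let m;
  while ((m = TAG_RE.exec(html)) !== null) {
    out += escapeHtml(decodeEntities(html.slice(last, m.index))); // text between tags
    last = TAG_RE.lastIndex;
    if (m[1] === undefined) continue;                              // comment: drop
    const tag = m[1].toLowerCase();
    if (!ALLOWED_TAGS.has(tag)) continue;                          // unknown element: drop the tag, keep its text
    if (m[0][1] === "/") {
      if (!VOID_TAGS.has(tag)) out += `</${tag}>`;
      continue;
    }
    out += `<${tag}${sanitizeAttributes(tag, m[2])}>`;
  }
  return out + escapeHtml(decodeEntities(html.slice(last)));
}

// The payload from the README's curl step plus a few constructed cases.
const SAMPLES = [
  "<img src='x' onerror='alert(1)'>",
  '<a href="javascript:alert(1)">link</a>',
  '<a href="jav&#x09;ascript:alert(1)">link</a>',
  "<script>alert(1)</script>",
  "<p>Hello <b>world</b> &amp; 1 &lt; 2</p>",
];

if (typeof require !== "undefined" && require.main === module) {
  for (const s of SAMPLES) console.log(JSON.stringify(s), "->", JSON.stringify(sanitizeRichText(s)));
}
```

Run with node to see each sample beside its sanitized form; the README's payload comes back as a plain img element with only its src. Two design points matter more than the parser itself: the allowlist shape (everything not explicitly permitted is dropped, so the check in step 3 above is not just a test for one known payload) and the decode-then-check-then-escape order for attribute values, which is what defeats entity-encoded schemes. This tokenizer does not balance tags or reproduce the browser's error-recovery parsing, which is why a maintained sanitizer is the right choice outside a demo.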