Last commit: forest 2cd68908fd

| Path |
|---|
| presentation |
| .gitignore |
| Dockerfile |
| ReadMe.md |
| build_docker.sh |
| docker-compose.yml |
| findings.md |
| i-had-fun-making-this |
| main.go |
| payload.js |
| payload.xml |
| payload2.js |
ReadMe.md
# What happen?

- vore reaper requests https://sequentialread.com/rss/
- sequentialread.com custom reverse proxy detects vore reaper and returns custom XML: a7e806dd67/main.go (L48-L64)
- the XML has an HTML `<script>` tag embedded inside a field that vore uses: https://git.cyberia.club/forest/tserof-nosnoj/src/branch/master/payload.xml#L14
- the XSS payload executes on vore.website, greeting the j3s user: https://git.cyberia.club/forest/tserof-nosnoj/src/branch/master/payload.js

see findings.md
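The whole chain in one runnable Go program, added here as an illustration; it is not the repository's main.go, payload.xml or the vore code. A handler plays the reverse proxy and hands a different feed to clients whose User-Agent looks like the reaper (the substring check and the UA string are assumptions; the real detection lives in main.go linked above), a consumer parses the feed with encoding/xml, and the item title is then rendered two ways: naive string concatenation, which drops the title into the page verbatim and is the XSS, and html/template, whose contextual escaping neutralises it. Both feeds are constructed for the example.

```go
package main

import (
	"bytes"
	"encoding/xml"
	"fmt"
	"html/template"
	"net/http"
	"net/http/httptest"
	"strings"
)

// Constructed feeds for the example (not the repository's payload.xml).
const benignFeed = `<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0"><channel><title>example feed</title>
<item><title>Plain post</title><link>https://example.invalid/1</link></item>
</channel></rss>`

// The hostile title is wrapped in CDATA so the parser hands the reader
// the literal <script> tag as the title text.
const hostileFeed = `<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0"><channel><title>example feed</title>
<item><title><![CDATA[<script>alert('hi j3s')</script>]]></title><link>https://example.invalid/1</link></item>
</channel></rss>`

// isReaper is an assumption: key on a substring of the User-Agent.
// The real proxy's check is in main.go; the UA string vore sends is not reproduced here.
func isReaper(ua string) bool {
	return strings.Contains(strings.ToLower(ua), "vore")
}

// feedHandler stands in for the reverse proxy: ordinary clients get the
// benign feed, the reaper gets the one carrying markup.
func feedHandler(w http.ResponseWriter, r *http.Request) {
	w.Header().Set("Content-Type", "application/rss+xml")
	if isReaper(r.UserAgent()) {
		fmt.Fprint(w, hostileFeed)
		return
	}
	fmt.Fprint(w, benignFeed)
}

// Item and RSS model the subset of RSS the consumer side reads.
type Item struct {
	Title string `xml:"title"`
	Link  string `xml:"link"`
}

type RSS struct {
	Items []Item `xml:"channel>item"`
}

// fetchAs requests the feed through feedHandler with the given User-Agent
// and parses the response, the way a reader's fetcher would.
func fetchAs(ua string) (RSS, error) {
	req := httptest.NewRequest(http.MethodGet, "/rss/", nil)
	req.Header.Set("User-Agent", ua)
	rec := httptest.NewRecorder()
	feedHandler(rec, req)
	var feed RSS
	err := xml.Unmarshal(rec.Body.Bytes(), &feed)
	return feed, err
}

// renderUnsafe builds the list with string formatting: the title lands in
// the page exactly as the feed supplied it, script tag included.
func renderUnsafe(feed RSS) string {
	var b strings.Builder
	for _, it := range feed.Items {
		fmt.Fprintf(&b, `<li><a href="%s">%s</a></li>`, it.Link, it.Title)
	}
	return b.String()
}

var safeTmpl = template.Must(template.New("items").Parse(
	`{{range .Items}}<li><a href="{{.Link}}">{{.Title}}</a></li>{{end}}`))

// renderSafe builds the same list through html/template, which escapes the
// title for its text context and the link for its href context.
func renderSafe(feed RSS) (string, error) {
	var buf bytes.Buffer
	if err := safeTmpl.Execute(&buf, feed); err != nil {
		return "", err
	}
	return buf.String(), nil
}

func main() {
	feed, err := fetchAs("vore-reaper/0.1 (assumed UA)")
	if err != nil {
		panic(err)
	}
	fmt.Println("unsafe:", renderUnsafe(feed))
	safe, err := renderSafe(feed)
	if err != nil {
		panic(err)
	}
	fmt.Println("safe:  ", safe)
}
```

The fix on the reader side is the second renderer: treat every feed field as untrusted text and let the HTML templating layer escape it for the context it lands in, rather than concatenating strings. Serving different content by User-Agent is what makes the payload invisible to anyone checking the feed in a browser, so when reviewing a feed that behaves oddly, fetch it with the reader's own UA.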