Rocket.Chat is an open-source team chat platform, probably something similar to Slack or Chime.
The chat had functionality that looked for links in a message and turned each one into an HTML link by wrapping it in an anchor tag, using a library called AutoLinker. However, Rocket.Chat also supports Markdown, which interprets links as well.
When AutoLinker parses the link first and the Markdown renderer then parses THIS already-linked output, the HTML context gets messed up. The Markdown library does not expect already-parsed links (HTML anchors) to be passed in.
With a specially crafted link, this bug can be turned into arbitrary JavaScript execution via some funky HTML tag usage. The resulting XSS can be used for a complete account takeover. Stored XSS is the worst.
There is no bug in AutoLinker or in the Markdown library on its own. However, using both of them together created a serious security issue. This is a super interesting finding and not something I would have thought of.
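To make the parser-chaining problem concrete, here is an added example (not Rocket.Chat's code, and the two "parsers" are toy regex stand-ins for AutoLinker and a Markdown link renderer, not the real libraries). With a perfectly benign, constructed message, chaining the two passes puts anchor markup inside another anchor's `href` attribute; the hardened version classifies each part of the message once, escapes everything, and emits HTML only at the end.

```javascript
// Toy stand-ins for AutoLinker and a Markdown link pass (assumption: not the real libraries).
const escapeHtml = (s) => s.replace(/[&<>"']/g, (c) =>
  ({ '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' }[c]));

const URL_RE = /https?:\/\/[^\s<>\])]+/g;      // bare http(s) URL
const MD_LINK_RE = /\[([^\]]*)\]\(([^)]*)\)/g;  // Markdown [label](url)

// Toy autolinker: wraps bare URLs in anchors, i.e. it injects HTML into the text.
function autolink(text) {
  return text.replace(URL_RE, (url) => `<a href="${url}">${url}</a>`);
}

// Toy Markdown link pass: assumes its input is still plain text.
function markdownLinks(text) {
  return text.replace(MD_LINK_RE, (_, label, url) => `<a href="${url}">${label}</a>`);
}

// Vulnerable order: HTML produced by the first pass is re-parsed by the second,
// so the first pass's anchors end up inside the second pass's href attribute.
function renderUnsafe(msg) {
  return markdownLinks(autolink(msg));
}

// Hardened design: decide once what each piece of the message is (text, Markdown
// link, bare URL), escape all of it, and only allow http(s) hrefs.
function anchor(url, label) {
  if (!/^https?:\/\//i.test(url)) return escapeHtml(`[${label}](${url})`);
  return `<a href="${escapeHtml(url)}" rel="noopener noreferrer">${escapeHtml(label)}</a>`;
}

function autolinkSafe(text) {
  let out = '', last = 0, m;
  URL_RE.lastIndex = 0;
  while ((m = URL_RE.exec(text)) !== null) {
    out += escapeHtml(text.slice(last, m.index)) + anchor(m[0], m[0]);
    last = m.index + m[0].length;
  }
  return out + escapeHtml(text.slice(last));
}

function renderSafe(msg) {
  let out = '', last = 0, m;
  MD_LINK_RE.lastIndex = 0;
  while ((m = MD_LINK_RE.exec(msg)) !== null) {
    out += autolinkSafe(msg.slice(last, m.index)) + anchor(m[2], m[1]);
    last = m.index + m[0].length;
  }
  return out + autolinkSafe(msg.slice(last));
}

const sample = '[http://a.example](http://a.example)'; // constructed, benign message
console.log(renderUnsafe(sample)); // href="<a href=...": markup inside an attribute
console.log(renderSafe(sample));   // a single clean anchor
```

The unsafe output shows the context confusion the write-up describes even without any hostile input; the fix is a single rendering pass that never feeds one stage's HTML into another, not a patch to either library.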