Comments (10)
This should fix it; 917a25b
from ezxss.
Looks good, I'm receiving the alert now! Thanks :)
from ezxss.
Hi,
This is already fixed in master in commit "Fixes escaping and failing issues in alerts".
from ezxss.
I'm on master,
I have the escapedData code in the above screenshot ^
from ezxss.
This is the fix for the discord screenshot: 0a6d380#diff-b4e545d7ab18aaf8d999af13133fa0411a704721442dc0dce17771be40c15d2f
Do you have that like that as well?
from ezxss.
Yep, looks like I have it, the latest commit I'm using:
# git log | head
commit 0a6d380ad9b7c7f559af46a4de2bd294ae2160f1
Author: ssl <[email protected]>
Date: Thu Apr 6 22:35:39 2023 +0200
Fixes escaping and failing issues in alerts
from ezxss.
Can you debug by printing the discordMessage and checking what's inside 'screenshot'?
from ezxss.
You can reproduce with this curl:
curl -H "Content-Type: application/json" -d '{"username":"ezXSS","embeds":[{"title":"[ezXSS] XSS Report #29","type":"rich","url":"https://example.com/manage/reports/view/29","timestamp":"2023-04-08T15:09:31+02:00","color":2924135,"fields":[{"name":"URL","value":"https://example.com/"},{"name":"IP","value":"x.x.x.x"},{"name":"Referer","value":""},{"name":"Payload","value":"//example.com/"},{"name":"User Agent","value":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.0.0 Safari/537.36"},{"name":"Cookies","value":""},{"name":"Origin","value":"example.com"}],"image":{"url":"data:image/png;base64,<base64 image>"},"footer":{"text":"github.com/ssl/ezXSS"}}]}' "https://discord.com/api/webhooks/xxxxx/xxxxxx"
It returns {"embeds": ["0"]}
from ezxss.
The problem is 'data:image/png;base64,'.
This should be a URL, as done in ezXSS/app/controllers/Payloads.php, line 430 in 0a6d380.
from ezxss.
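The comment above pins down the failure: Discord's webhook API only fetches `image.url` over http(s), so an embed that inlines the screenshot as a `data:image/png;base64,...` URI is rejected with a 400 whose body (`{"embeds": ["0"]}`) names only the embed index, not the offending key. The example below is added here to illustrate that check; it is not ezXSS code (the project is PHP) and does not reproduce its alert builder. The `report` dict keys, the `build_embed`/`rejected_embed_indexes` helpers, the `screenshot_url` parameter and the `https://example.com/assets/...` path are assumptions for the example. It builds the same embed shape as the curl in the thread, refuses a non-http(s) image URL up front instead of letting Discord reject the whole alert, clips attacker-controlled field values (payload, cookies, user agent) to Discord's documented 1024-character field limit, and parses the terse error body so the offending embed can be logged.

```python
"""Discord webhook embed for an XSS report, with the checks that keep
Discord from answering {"embeds": ["0"]}. Added example, not ezXSS code."""
import json
from typing import Optional
from urllib.parse import urlparse

# Documented Discord embed limits (title 256, field value 1024 chars).
TITLE_MAX = 256
FIELD_VALUE_MAX = 1024

# Report fields in the same order the thread's curl payload uses.
# The dict keys on the right are assumed names for this example.
FIELD_ORDER = (
    ("URL", "uri"), ("IP", "ip"), ("Referer", "referer"),
    ("Payload", "payload"), ("User Agent", "user_agent"),
    ("Cookies", "cookies"), ("Origin", "origin"),
)


class EmbedError(ValueError):
    """Raised when the embed would be rejected by Discord."""


def is_embeddable_url(url: str) -> bool:
    """Discord fetches embed images itself, so only an absolute http(s)
    URL is accepted. A data: URI, a relative path or an empty string
    fails this check (and would fail at Discord with a 400)."""
    if not url:
        return False
    parsed = urlparse(url)
    return parsed.scheme in ("http", "https") and bool(parsed.netloc)


def truncate(value: str, limit: int) -> str:
    """Clip a value to Discord's per-field limit. Payload, cookies and
    user agent are attacker-controlled, so a long value must not be
    able to make the whole alert fail. The ellipsis marks the cut."""
    if len(value) <= limit:
        return value
    return value[: limit - 1] + "…"


def build_embed(report: dict, screenshot_url: Optional[str]) -> dict:
    """Build the embed for one report. screenshot_url must be the public
    http(s) URL of the stored screenshot (Discord's proxy has to be able
    to reach it), or None when there is no screenshot. Raises EmbedError
    rather than emitting an embed Discord will refuse."""
    fields = [
        {"name": name, "value": truncate(str(report.get(key, "")), FIELD_VALUE_MAX)}
        for name, key in FIELD_ORDER
    ]
    embed = {
        "title": truncate(f"[ezXSS] XSS Report #{report['id']}", TITLE_MAX),
        "type": "rich",
        "url": report["view_url"],
        "color": 2924135,
        "fields": fields,
        "footer": {"text": "github.com/ssl/ezXSS"},
    }
    if screenshot_url is not None:
        if not is_embeddable_url(screenshot_url):
            # This is exactly the data:image/png;base64,... case from the thread.
            raise EmbedError(
                f"image.url must be an absolute http(s) URL, got {screenshot_url[:24]!r}..."
            )
        embed["image"] = {"url": screenshot_url}
    return embed


def build_webhook_body(report: dict, screenshot_url: Optional[str]) -> str:
    """JSON body to POST to the webhook, same top-level shape as the curl."""
    return json.dumps({"username": "ezXSS", "embeds": [build_embed(report, screenshot_url)]})


def rejected_embed_indexes(response_body: str) -> list:
    """Parse a Discord 400 body. The terse form {"embeds": ["0"]} (as in
    the thread) lists offending embed indexes; the nested form
    {"embeds": {"0": {...}}} keys them. Returns [] for anything else."""
    try:
        body = json.loads(response_body)
    except json.JSONDecodeError:
        return []
    embeds = body.get("embeds") if isinstance(body, dict) else None
    if isinstance(embeds, list):
        return [int(i) for i in embeds if str(i).isdigit()]
    if isinstance(embeds, dict):
        return [int(k) for k in embeds if str(k).isdigit()]
    return []


# Constructed sample report mirroring the values in the thread's curl.
SAMPLE_REPORT = {
    "id": 29, "view_url": "https://example.com/manage/reports/view/29",
    "uri": "https://example.com/", "ip": "x.x.x.x", "referer": "",
    "payload": "//example.com/", "user_agent": "Mozilla/5.0 (constructed)",
    "cookies": "", "origin": "example.com",
}

if __name__ == "__main__":
    print(build_webhook_body(SAMPLE_REPORT, "https://example.com/assets/img/29.png"))
    print(rejected_embed_indexes('{"embeds": ["0"]}'))
```

Two caveats follow from the check: the screenshot has to be stored as a file that Discord can fetch anonymously over HTTPS (a screenshot that only an authenticated ezXSS session can view will render as a broken image), and because `rejected_embed_indexes` only recovers the index, the sending code should log the serialised embed alongside the error body when a 400 comes back, which is the debugging step suggested earlier in this thread.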
I already understand why
from ezxss.