Link Confirmation

Link Confirmation [Paid] 1.0.5

PayPal: $10.00
There is a small XSS in the plugin.
When inserting a hyperlink to another resource, we get a link of this kind
Code:
https://mydomain.com/goto/link-confirmation?url=aHR0cHM6Ly9naXRodWIuY29tL01ham9yUmFjY29vbi9TTVNQaGlzaGVy

After the url comes base64url. I can encrypt JavaScript in the URL in base64, insert it into the url parameter, and then paste my code into another one that will lead to the domain mydomain.com; the user will click on the go button and my code will be executed.
At the same time, yes, the inscription is visible, but many poke without reading, and you can obfuscate, insert a URL in the middle to confuse, or use social engineering, and a person will probably press a button with someone else's bad code.
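
A server-side check that closes the hole described in the post above, as an added example that is not part of the original post and not the add-on's own code. It decodes the base64url `url` parameter and emits the "go" link only for absolute http(s) targets; the function names are hypothetical, the sample inputs are constructed, and PHP 7.4+ is assumed.

```php
<?php
/** Decode a base64url string (padding optional); null on malformed input. */
function decodeBase64Url(string $value): ?string
{
    if (!preg_match('/^[A-Za-z0-9_-]+={0,2}$/', $value)) {
        return null;
    }
    $b64 = strtr(rtrim($value, '='), '-_', '+/');
    $b64 .= str_repeat('=', (4 - strlen($b64) % 4) % 4);
    $decoded = base64_decode($b64, true);
    return $decoded === false ? null : $decoded;
}

/** Return the decoded target only if it is an absolute http(s) URL, else null. */
function safeRedirectTarget(string $param): ?string
{
    $url = decodeBase64Url($param);
    // Whitespace and control bytes can hide a scheme from naive prefix checks.
    if ($url === null || preg_match('/[\x00-\x20\x7f]/', $url)) {
        return null;
    }
    $parts = parse_url($url);
    if ($parts === false || empty($parts['host'])) {
        return null; // javascript:, data: and similar URIs have no host
    }
    $scheme = strtolower($parts['scheme'] ?? '');
    return in_array($scheme, ['http', 'https'], true) ? $url : null;
}

/** Render the confirmation link, escaping the target for the href attribute. */
function renderGoButton(string $param): string
{
    $target = safeRedirectTarget($param);
    if ($target === null) {
        return '<p>This link cannot be opened.</p>';
    }
    $href = htmlspecialchars($target, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<a rel="noopener noreferrer nofollow" href="' . $href . '">Go</a>';
}

// Constructed sample inputs: one legitimate link and three that must be refused.
$encode = fn(string $s): string => rtrim(strtr(base64_encode($s), '+/', '-_'), '=');
$samples = ['https://example.com/page?a=1&b=2', 'javascript:alert(1)',
            'data:text/html,x', '//example.com'];
foreach ($samples as $raw) {
    echo str_pad($raw, 36), ' => ', renderGoButton($encode($raw)), PHP_EOL;
}
```

Only the first sample yields a link, with `&` escaped to `&amp;` in the attribute; the other three fall through to the refusal message.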
 
TheCodeby So you mean that you manually replace the URL and users will go to your page?
 
Very nice add-on. Can you make it include profile posts and resource contents? Also maybe other XenForo help pages which include some external URL?
 