Stored XSS at Trello.com
First, what is Trello?
Trello is a web-based, Kanban-style, list-making application and is a subsidiary of Atlassian.[5] Originally created by Fog Creek Software in 2011, it was spun out to form the basis of a separate company in 2014[6][7] and later sold to Atlassian in January 2017.[8] The company is based in New York City, U.S.[9] - Wikipedia
Vulnerabilities:
1. Stored XSS — Stored XSS, also known as persistent XSS, is the more damaging of the two. It occurs when a malicious script is injected directly into a vulnerable web application. “imperva”
_________________________________________________________________
I found out by looking around the site that I can upload and open SVG files without getting blocked or auto-redirected to the download of the file, so I created an SVG file with an XSS payload inside. This is how it looks:
The file is an ordinary SVG with JavaScript embedded in it; the script is shown below:
<script type="text/javascript">
alert(document.domain);
</script>
_________________________________________________________________
PoC video
This has been reported, and the Trello team's response and fix for this vulnerability were very quick!
Maor Dayan.
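A server-side check for the upload path described above, as an added example that is not part of the original post and is not Trello's actual fix. The function names, the sample files and the `upload.svg` filename are assumptions made for illustration; the scan flags active content in an SVG and the header helper forces a download plus a sandboxing policy instead of inline rendering.

```python
import xml.etree.ElementTree as ET

# Elements that run script or embed foreign documents inside an SVG.
ACTIVE_ELEMENTS = {"script", "foreignobject", "iframe", "embed", "object"}

# Constructed samples: the first mirrors the payload shown in the post.
SAMPLE_XSS = (b'<svg xmlns="http://www.w3.org/2000/svg">'
              b'<script type="text/javascript">alert(document.domain);</script></svg>')
SAMPLE_CLEAN = b'<svg xmlns="http://www.w3.org/2000/svg"><rect width="4" height="4"/></svg>'

def local(name):
    """Drop the XML namespace: '{ns}script' -> 'script'."""
    return name.rsplit("}", 1)[-1].lower()

def svg_findings(data):
    """List the reasons an uploaded SVG must not be rendered inline."""
    if b"<!doctype" in data.lower():
        # Uploads do not need a DTD, and DTDs allow entity-expansion abuse.
        return ["DOCTYPE declaration"]
    try:
        root = ET.fromstring(data)
    except ET.ParseError:
        return ["not well-formed XML"]
    findings = []
    for el in root.iter():
        tag = local(el.tag)
        if tag in ACTIVE_ELEMENTS:
            findings.append(f"<{tag}> element")
        for name, value in el.attrib.items():
            attr = local(name)
            # Browsers drop tabs/newlines in URLs, so compare without whitespace.
            url = "".join(value.split()).lower()
            if attr.startswith("on"):
                findings.append(f"event handler {attr} on <{tag}>")
            elif attr in ("href", "src") and url.startswith("javascript:"):
                findings.append(f"javascript: URL in {attr} on <{tag}>")
    return findings

def headers_for_upload(data):
    """Response headers for serving a user-uploaded SVG (hypothetical helper)."""
    headers = {
        "Content-Type": "image/svg+xml",
        "X-Content-Type-Options": "nosniff",
        # Sandboxed, script-less rendering even if the scan misses something.
        "Content-Security-Policy": "default-src 'none'; style-src 'unsafe-inline'; sandbox",
    }
    if svg_findings(data):
        # Force a download instead of opening the file in the site's origin.
        headers["Content-Disposition"] = 'attachment; filename="upload.svg"'
    return headers
```

The scan is a deny-list and can miss vectors, which is why the restrictive headers are set on every upload and not only on flagged ones.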