Stored XSS at Trello.com

First, let's start with what Trello is.

Trello is a web-based, Kanban-style, list-making application and is a subsidiary of Atlassian. Originally created by Fog Creek Software in 2011, it was spun out to form the basis of a separate company in 2014 and later sold to Atlassian in January 2017. The company is based in New York City, U.S. - Wikipedia

Vulnerabilities:
1. Stored XSS — Stored XSS, also known as persistent XSS, is the more damaging of the two main variants (stored and reflected). It occurs when a malicious script is injected directly into a vulnerable web application and saved there, so it is served to every user who later loads the affected content. (Imperva)

_________________________________________________________________

I found out by looking around the site that I can upload and open SVG files without being blocked or automatically redirected to a download of the file, so I created an SVG file with an XSS payload inside. This is how it looks:

This is the ordinary markup of an SVG file, but with a JavaScript block inside it. Because the browser renders the uploaded SVG inline instead of downloading it, the script executes; the alert shows document.domain to prove which origin the script is running in. You can see it below (the outer svg element is the standard root element of any SVG file):

<svg xmlns="http://www.w3.org/2000/svg">
<script type="text/javascript">
alert(document.domain);
</script>
</svg>

_________________________________________________________________
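The root cause above is twofold: the upload contained active content (a script element), and the file was served in a way that let the browser render it inline in the application's origin. The Python below, an added example that is not part of the original post and not Trello's actual fix, shows both sides of the defence a practitioner would want: a scanner that walks an SVG with the standard library XML parser and flags script elements, foreignObject, on* event-handler attributes and javascript:/data: hrefs, plus a helper that builds the response headers (Content-Disposition: attachment, nosniff, a sandboxing CSP) that keep an uploaded SVG inert even if the scanner misses something. The sample SVG strings are constructed for the example; the function and constant names are the author's own choices.

```python
import xml.etree.ElementTree as ET

# Elements that can run script or embed arbitrary HTML/remote content in an SVG.
ACTIVE_TAGS = {"script", "foreignObject", "iframe", "embed", "object"}

# URL schemes that execute code or smuggle a document when used as an href.
DANGEROUS_SCHEMES = ("javascript:", "data:")


def _local(name):
    """Strip an XML namespace prefix: '{http://www.w3.org/2000/svg}script' -> 'script'."""
    return name.rsplit("}", 1)[-1]


def find_active_content(svg_text):
    """Return a list of findings describing script-bearing constructs in an SVG document.

    An empty list means nothing was flagged, not a proof that the file is safe.
    NOTE: xml.etree does not defend against entity-expansion attacks; on a real
    upload path use the defusedxml package to parse untrusted XML.
    """
    findings = []
    root = ET.fromstring(svg_text)
    for el in root.iter():
        tag = _local(el.tag)
        if tag in ACTIVE_TAGS:
            findings.append(f"<{tag}> element")
        for attr, value in el.attrib.items():
            name = _local(attr)
            # onload=, onclick=, onbegin=, ... all fire script when the SVG renders.
            if name.lower().startswith("on"):
                findings.append(f"event handler {name} on <{tag}>")
            # href / xlink:href pointing at javascript: or data: URLs.
            elif name == "href" and value.strip().lower().startswith(DANGEROUS_SCHEMES):
                findings.append(f"href={value!r} on <{tag}>")
    return findings


def upload_response_headers(filename, content_type):
    """Headers for serving a user upload so that even a script-bearing SVG is inert.

    Forces a download instead of inline rendering, stops MIME sniffing, and
    sandboxes anything that does get rendered. This is an assumed hardening
    policy for the example, not a description of Trello's fix.
    """
    # Keep only harmless filename characters so the header cannot be injected into.
    safe_name = "".join(c for c in filename if c.isalnum() or c in "._-") or "download"
    return {
        "Content-Type": content_type,
        "Content-Disposition": f'attachment; filename="{safe_name}"',
        "X-Content-Type-Options": "nosniff",
        "Content-Security-Policy": "sandbox; default-src 'none'",
    }


# Constructed sample inputs for the example.
PAYLOAD_SVG = (
    '<svg xmlns="http://www.w3.org/2000/svg">'
    '<script type="text/javascript">alert(document.domain);</script>'
    "</svg>"
)
ONLOAD_SVG = (
    '<svg xmlns="http://www.w3.org/2000/svg" onload="alert(1)">'
    '<rect width="1" height="1"/></svg>'
)
HREF_SVG = (
    '<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">'
    '<a xlink:href="javascript:alert(1)"><text>x</text></a></svg>'
)
BENIGN_SVG = (
    '<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 10 10">'
    '<circle cx="5" cy="5" r="4" fill="red"/></svg>'
)

if __name__ == "__main__":
    for label, doc in [("payload", PAYLOAD_SVG), ("onload", ONLOAD_SVG),
                       ("href", HREF_SVG), ("benign", BENIGN_SVG)]:
        print(label, find_active_content(doc))
    print(upload_response_headers('evil".svg', "image/svg+xml"))
```

Rejecting flagged uploads is a reasonable policy for an avatar or attachment endpoint, but the headers are the part that actually closes the bug: with Content-Disposition: attachment the browser never renders the file in the application's origin, which is exactly the "auto redirect to the download" behaviour whose absence made this finding exploitable.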

PoC video

This has been reported, and the Trello team's response and fix for this vulnerability were very quick!

Maor Dayan.

Computer Expert, White hat Hacker. My Resume: https://maordayan.ml | https://maordayan.com
