Stored XSS at Trello.com

First, let's start with the basics: what is Trello?

Trello is a web-based, Kanban-style, list-making application and is a subsidiary of Atlassian. Originally created by Fog Creek Software in 2011, it was spun out to form the basis of a separate company in 2014 and later sold to Atlassian in January 2017. The company is based in New York City, U.S. - Wikipedia

Vulnerabilities:
1. Stored XSS — Stored XSS, also known as persistent XSS, is the more damaging of the two. It occurs when a malicious script is injected directly into a vulnerable web application. (Imperva)

_________________________________________________________________

I found out by looking around the site that I can upload and open SVG files without getting blocked or auto-redirected to download the file, so I created an SVG file with an XSS payload inside. This is how it looks:

This is ordinary SVG markup, but with a JavaScript block inside it; you can see it below:

<svg xmlns="http://www.w3.org/2000/svg">
  <script type="text/javascript">
    alert(document.domain);
  </script>
</svg>
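The post shows the offensive side: an SVG that a site renders in its own origin carries script. As an added defender-side example (my code, not Trello's or the author's), the upload handler below audits an SVG for the active content that makes this a stored XSS, strips it, and builds the response headers that force a download instead of inline rendering; the function names and the sample SVG are constructed for this illustration.

```python
import re
import xml.etree.ElementTree as ET

# Keep the usual prefixes when re-serialising (otherwise ElementTree emits ns0:/ns1:).
ET.register_namespace("", "http://www.w3.org/2000/svg")
ET.register_namespace("xlink", "http://www.w3.org/1999/xlink")
# Elements that run script or embed HTML when rendered inline, and URL attributes
# (href, plus SMIL set/animate targets) that can carry a javascript: URL.
ACTIVE_ELEMENTS = {"script", "foreignobject", "iframe", "embed", "object"}
URL_ATTRS = {"href", "to", "from", "values"}
SCRIPT_SCHEME = re.compile(r"^\s*(javascript|vbscript|data)\s*:", re.I)

# Constructed sample in the shape of the PoC file described in the post.
PAYLOAD_SVG = b"""<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">
  <circle cx="20" cy="20" r="10" onload="alert(1)"/>
  <a xlink:href="javascript:alert(document.domain)"><text y="40">hi</text></a>
  <script type="text/javascript">alert(document.domain);</script>
</svg>"""

def _local(name: str) -> str:
    """'{http://www.w3.org/2000/svg}script' -> 'script' (namespace-insensitive match)."""
    return name.rsplit("}", 1)[-1].lower()

def _is_active_attr(name: str, value: str) -> bool:
    """Event handlers (on*) and URL attributes with a script scheme are active content."""
    return name.startswith("on") or (name in URL_ATTRS and bool(SCRIPT_SCHEME.match(value)))

def audit_svg(svg: bytes) -> list:
    """Describe every piece of active content in the upload; an empty list means clean."""
    findings = []
    for el in ET.fromstring(svg).iter():
        tag = _local(el.tag)
        if tag in ACTIVE_ELEMENTS:
            findings.append(f"<{tag}> element")
        findings += [f"{_local(a)} on <{tag}>" for a, v in el.attrib.items() if _is_active_attr(_local(a), v)]
    return findings

def sanitize_svg(svg: bytes) -> bytes:
    """Strip active elements and attributes (a strict allow-list is safer for production)."""
    root = ET.fromstring(svg)
    doomed = [(p, c) for p in root.iter() for c in p if _local(c.tag) in ACTIVE_ELEMENTS]
    for parent, child in doomed:
        parent.remove(child)
    for el in root.iter():
        for attr in [a for a, v in el.attrib.items() if _is_active_attr(_local(a), v)]:
            del el.attrib[attr]
    return ET.tostring(root)

def download_headers(filename: str) -> dict:
    """Serve stored SVGs as downloads, never rendered in the app origin (the post's point)."""
    return {"Content-Type": "application/octet-stream", "X-Content-Type-Options": "nosniff",
            "Content-Disposition": f'attachment; filename="{filename}"', "Content-Security-Policy": "sandbox"}
```

Even a sanitized SVG should still be served with the download headers, or from a separate user-content origin, since sanitizer bypasses are a recurring source of regressions.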

_________________________________________________________________

PoC video

This was reported, and the Trello team's response and fix for this vulnerability were very quick!

Maor Dayan.


Computer Expert, White hat Hacker. My Resume: https://maordayan.ml | https://maordayan.com
