Stored XSS in "Create Groups"
HackerOne report #647130 by rioncool22
on 2019-07-17, assigned to gitlab_cmaxim
:
NOTE! Thanks for submitting a report! Please replace all the (parenthesized) sections below with the pertinent details. Remember, the more detail you provide, the easier it is for us to triage and respond quickly, so be sure to take your time filling out the report!
Summary
Stored attacks are those where the injected script is permanently stored on the target servers, such as in a database, in a message forum, visitor log, comment field, etc. The victim then retrieves the malicious script from the server when it requests the stored information. Stored XSS is also sometimes referred to as Persistent or Type-I XSS.
Steps to reproduce
- Login to Gitlab
- Create a new group with xss payload
payload i use = "> - Open Group
- To trigger XSS you can click "NEW PROJECT"
- XSS Trigger
Impact
Can steal Cookie, Can run javascript code, etc
Attachments
Warning: Attachments received through HackerOne, please exercise caution!