9/27/2023 0 Comments Slack in chromeThis also triggered an event in their socket connection called Rocket: ) I noticed that by using the browser’s copy & paste, I was able to insert a new element with the malicious link present. How would I be able to show Slack that an issue was actually currently present? Was it actually possible to modify the payload to do something else than just an alert()? First method, proxying the Rocket socket This was interesting, because there was no way to actually create new links with the same behaviour. For some reason, some of the links inside the posts did actually have javascript:-as their protocol: When looking at Slack’s new editor for Posts a few months back, I noticed that my old posts using Markdown had been migrated to the new editor. Even though the payload was only working because of a legacy migration, by utilizing Python’s AppKit to insert data into Chrome’s rich-text-format clipboard, I was able to add and modify the XSS payload already inside Slack. TL DR, this is a walkthrough of a hard-to-reproduce bug I found in Slack a few months back.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |