Daddy
Posted February 24, 2022

Bit disappointed I have to share this info publicly so I'll keep it brief. Using inspect element you can modify text beyond what is allowed through the editor. This shouldn't happen imo and can be easily used to deface websites if used maliciously.

Here are some of the "best" case scenarios this is used for. The worst case should be pretty obvious by now.

Here is an example, using background color despite the editor not having the option.

Even worse, I can set font size to a ridiculous size, thousands of times higher than what the editor even allows.
Charles (Management)
Posted February 24, 2022

This is not an exploit; it is just annoying user behavior. There is a LOT a user can do to be purposely annoying. The editor will allow any safe input and filter out anything that can be dangerous (like JavaScript and such). This is a moderation thing, not a security thing.
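The thread turns on editor limits that exist only in the browser: anything the toolbar does not offer can still be submitted by editing the markup with the inspector, so a limit on colors or font size holds only if it is re-applied when the post is saved. The following is an added example, not part of the thread and not Invision Community's code; the property allow-list, the 8 to 48 px range and the function name are assumptions chosen for illustration, and the function expects the `style` attribute value handed over by an HTML sanitizer that has already parsed the post.

```python
import re

# Assumed policy (constructed for this example): only these CSS properties
# survive, and font-size must be a px value that is clamped to a fixed range.
ALLOWED_PROPS = {"color", "font-size", "text-align"}
FONT_SIZE_PX = (8, 48)

# Conservative value grammar: no quotes, slashes, backslashes or colons,
# which rules out CSS escapes, comments and URLs inside a value.
SAFE_VALUE = re.compile(r"^[#a-z0-9 .,%()-]+$")
SIZE_PX = re.compile(r"^(\d+(?:\.\d+)?)px$")


def filter_style(style: str) -> str:
    """Return the style value with disallowed declarations dropped."""
    kept = []
    for decl in style.split(";"):
        name, sep, value = decl.partition(":")
        name, value = name.strip().lower(), value.strip().lower()
        if not sep or name not in ALLOWED_PROPS:
            continue  # background-color, position, malformed or empty pieces
        if not SAFE_VALUE.match(value) or "url(" in value or "expression(" in value:
            continue  # value outside the grammar, or a function we never allow
        if name == "font-size":
            match = SIZE_PX.match(value)
            if not match:
                continue  # this policy accepts px sizes only
            low, high = FONT_SIZE_PX
            value = f"{min(max(float(match.group(1)), low), high):g}px"
        kept.append(f"{name}: {value}")
    return "; ".join(kept)


if __name__ == "__main__":
    # Constructed input resembling a post edited with the browser inspector.
    print(filter_style("background-color: #ff0000; font-size: 99999px; color: #333"))
```

An empty return value means the sanitizer should drop the `style` attribute altogether rather than emit `style=""`.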