Jump to content

Editor Exploit


Daddy

Recommended Posts

Bit disappointed I have to share this info publicly so I'll keep it brief. Using inspect element you can modify text beyond what is allowed through the editor. This shouldn't happen imo and can be easily used to deface websites if used maliciously.

Here's some of the "best" case scenarios this is used for. The worst case should be pretty obvious by now.

 

Here is an example, using background color despite the editor not having the option.

 

Even worse, I can set font size to a ridiculous size, thousands of times higher than what the editor even allows.

Link to comment
Share on other sites

  • Management

This is not an exploit it is just annoying user behavior. There is a LOT a user can do to be purposely annoying. The editor will allow any safe input and filter out anything that can be dangerous (like JavaScript and such).

This is a moderation thing not a security thing.

Link to comment
Share on other sites

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...