reflected XSS metrics.torproject.org

Hello! I have found a reflected XSS vulnerability on a subdomain of torproject. You should fix it :) A screenshot with an easy exploit is attached to the ticket. If it is possible, I will be proud to get one more sticker pack ^^.

https://metrics.torproject.org/rs.html#search/1337%22%3E%3Cimg%20src=x%20onerror=alert(1)%3E

The vector is:

">

P0W3RING D1G1T4L R3S1S74NC3!

Trac:
Username: 0x539h
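
The URL in the report carries the input in the `#search/` fragment and uses `">` to close a quoted attribute. The following is an added example, not part of the ticket and not Relay Search's own code: it decodes the reported fragment and compares plain concatenation into an attribute with an escaped rendering. The function names and the `<input>` markup are assumptions made for illustration.

```javascript
// Added example: function names and markup are hypothetical, not Relay Search's code.

// Constructed sample input: the fragment taken from the URL in the report.
const REPORTED_HASH = '#search/1337%22%3E%3Cimg%20src=x%20onerror=alert(1)%3E';

// Extract and percent-decode the term from a "#search/<term>" fragment.
// Returns null for other routes or for malformed percent-encoding.
function searchTermFromHash(hash) {
  const prefix = '#search/';
  if (typeof hash !== 'string' || !hash.startsWith(prefix)) return null;
  try {
    return decodeURIComponent(hash.slice(prefix.length));
  } catch (e) {
    return null; // decodeURIComponent throws URIError on input like "%E0%A4%A"
  }
}

// Escape the five characters that can change the HTML parsing context.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Before: the decoded term is concatenated straight into a quoted attribute.
function renderSearchBoxUnsafe(term) {
  return '<input type="text" name="query" value="' + term + '">';
}

// After: same markup, with the term escaped for the attribute context.
function renderSearchBoxSafe(term) {
  return '<input type="text" name="query" value="' + escapeHtml(term) + '">';
}

// Rough check used for comparison: how many element start tags does the markup contain?
function countTags(html) {
  return (html.match(/<[a-zA-Z]/g) || []).length;
}

const term = searchTermFromHash(REPORTED_HASH);
console.log('decoded term :', term);
console.log('unsafe markup:', renderSearchBoxUnsafe(term), 'tags =', countTags(renderSearchBoxUnsafe(term)));
console.log('safe markup  :', renderSearchBoxSafe(term), 'tags =', countTags(renderSearchBoxSafe(term)));
```

In browser code, assigning the term through DOM properties such as `input.value` or `textContent` avoids building HTML strings at all; the string version here exists so the comparison runs under Node.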
