RE: Stored XSS vulnerability in hiveblockexplorer.com !! [SOLVED]


UPDATE: the same vulnerability is also on steemblockexplorer(...)

They don't need XSS to steal from users. People who use Steem these days should assume that their funds can be stolen at any moment.




Found also a new XSS not yet fixed on the same site. Messaged you on Discord.


I'm not using Discord. Come to https://openhive.chat
You can find me (@gandalf) on the #general channel or #witness or #help.


Nope, it's not resolved yet - just checked. @penguinpablo is not reachable on any chat service, so I have sent him a private memo in his wallet with information on the XSS I found.


@louis88
Make sure you clear your cache.
I don’t see your memo. If another field was not fixed, you could send it to him encrypted with his public memo key so that only he can decrypt it with his private key.


Sure. I cleared the whole site data in the Developer Console and opened the page where I stored the script. And yes, I got the alert.

I have sent penguinpablo an encrypted memo on Hive because he is the project owner. Sure ;)
