Describe the bug
When using the Discord integration, using [prefix]rv will display the 10 most recently visited pages. If you send a crafted payload, you can do things like ping everyone.
To Reproduce
Steps to reproduce the behavior:
1. curl https://[DOMAIN]/```@everyone - ``` breaks out of the code block, @everyone is just a PoC ping
2. Run [prefix]rv
3. See injection
Expected behavior
Strip or escape characters so that this can't happen
ShareS Version
4.5.3
Screenshots
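
One way to implement the expected behavior, as an added example that is not part of the original report and not ShareS code. It assumes the bot posts the recent-visits list as a single Discord code block through the raw REST message payload; `neutralize` and `buildRecentVisitsMessage` are hypothetical names, and the sample paths are constructed.

```javascript
// Added example: hypothetical helpers, not taken from the ShareS code base.
const ZWSP = "\u200b"; // zero-width space, invisible when rendered

// Make an untrusted string inert before it is placed inside a code block.
function neutralize(untrusted, maxLen = 120) {
  return String(untrusted)
    .replace(/[\r\n]+/g, " ")   // one list entry stays on one line
    .slice(0, maxLen)           // bound what a single request can contribute
    .replace(/`/g, "`" + ZWSP)  // no run of three backticks can close the fence
    .replace(/@/g, "@" + ZWSP); // @everyone, @here and <@id> no longer parse
}

// Build the message body for the recent-visits command (assumed shape:
// the JSON body of Discord's "create message" REST call).
function buildRecentVisitsMessage(paths) {
  const lines = paths
    .slice(0, 10)
    .map((p, i) => `${i + 1}. ${neutralize(p)}`);
  return {
    content: "```\n" + lines.join("\n") + "\n```",
    // Defense in depth: even if text escapes the fence, Discord resolves
    // no mentions for this message.
    allowed_mentions: { parse: [] },
  };
}

// Constructed sample input: the path from the report plus two ordinary paths.
const samplePaths = [
  "/```@everyone - ```",
  "/index.html",
  "/uploads/report.png",
];

console.log(buildRecentVisitsMessage(samplePaths).content);
```

The escaping keeps the list inside the fence, and the empty `allowed_mentions.parse` array covers any path the escaping misses.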