ioc[.]one - OSINT Cyber Threat Intelligence Database

A Wormable XSS on HackMD!

Tags

attack-pattern:

Data Javascript - T1059.007 Template Injection - T1221

Show in Graph

Common Information

Type	Value
UUID	69cb05ea-5d63-45a5-b250-fbf1c028932b
Fingerprint	41a280103f687ba3
Analysis status	DONE
Considered CTI value	0
Text language
Published	March 14, 2019, 3:33 p.m.
Added to db	Jan. 18, 2023, 7:38 p.m.
Last updated	Nov. 17, 2024, 6:30 p.m.
Headline	Orange
Title	A Wormable XSS on HackMD!
Detected Hints/Tags/Attributes	20/1/54

Source URLs

	Redirection	Url
Details	Source	http://blog.orange.tw/2019/03/a-wormable-xss-on-hackmd.html

URL Provider

Details	Provider	Source level domain
Details	orange.tw	blog.orange.tw

Attributes

Details	Type	#Events	Value
Details	Domain	29	vimeo.com
Details	Domain	219	gist.github.com
Details	Domain	47	www.slideshare.net
Details	Domain	1	query.yahooapis.com
Details	Domain	26	cdnjs.cloudflare.com
Details	Domain	2	cdn.mathjax.org
Details	Domain	454	www.google.com
Details	Domain	17	apis.google.com
Details	Domain	112	docs.google.com
Details	Domain	67	www.dropbox.com
Details	Domain	2	disqus.com
Details	Domain	2	disquscdn.com
Details	Domain	41	www.google-analytics.com
Details	Domain	41	doubleclick.net
Details	Domain	2	secure.quantserve.com
Details	Domain	1	rules.quantcount.com
Details	Domain	3	pixel.quantserve.com
Details	Domain	1	js.driftt.com
Details	Domain	1	embed.small.chat
Details	Domain	1	static.small.chat
Details	Domain	16	www.googletagmanager.com
Details	Domain	3	cdn.ravenjs.com
Details	Domain	3	assets-cdn.github.com
Details	Domain	18	fonts.googleapis.com
Details	Domain	18	fonts.gstatic.com
Details	Domain	2	public.slidesharecdn.com
Details	Domain	28	www.paypal.com
Details	File	1	render.js
Details	File	11	angular.js
Details	File	218	min.js
Details	Url	7	https://gist.github.com
Details	Url	1	https://query.yahooapis.com
Details	Url	3	https://cdnjs.cloudflare.com
Details	Url	1	https://cdn.mathjax.org
Details	Url	60	https://www.google.com
Details	Url	7	https://apis.google.com
Details	Url	7	https://docs.google.com
Details	Url	6	https://www.dropbox.com
Details	Url	8	https://www.google-analytics.com
Details	Url	1	https://stats.g.doubleclick.net
Details	Url	1	https://secure.quantserve.com
Details	Url	1	https://rules.quantcount.com
Details	Url	1	https://pixel.quantserve.com
Details	Url	1	https://js.driftt.com
Details	Url	1	https://embed.small.chat
Details	Url	1	https://static.small.chat
Details	Url	3	https://www.googletagmanager.com
Details	Url	1	https://cdn.ravenjs.com
Details	Url	1	https://assets-cdn.github.com
Details	Url	2	https://fonts.googleapis.com
Details	Url	5	https://fonts.gstatic.com
Details	Url	1	https://public.slidesharecdn.com
Details	Url	6	https://www.paypal.com
Details	Url	1	https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.0.8/angular.min.js