Yogstation icon indicating copy to clipboard operation
Yogstation copied to clipboard
verified publisher icon yogstation13

Admin ranks can produce executable HTML in chat that may execute in legacy IE(Internet Explorer)

Open burn1cycle opened this issue 3 years ago • 0 comments

Severity

Exploit

Short Description

Some "chuckle head" thought it was a good idea to play a HTML video clip with loud audio over the chat system.

Reproduction

  1. Be on server in any capacity
  2. Have admin execute HTML links/code in chat

Round ID

43407

Test Merges

n/a

BYOND Username

Aphielanisn

Additional information

It's possible admin credentials could be seized, used to login, and send everyone hackertoolz.ch/rootkit/yougotowned/bitcoinminerandidentitytheft.html

burn1cycle avatar Oct 18 '22 22:10 burn1cycle