Stored XSS in GameSkinny

Friendly
Aug 3, 2018 · 2 min read

After weeks and weeks of e-mailing GameSkinny and tweeting at them to fix their security issues, they decided not to answer me (I think). That is very unfortunate. I also decided to remove my tweets towards them, as they didn’t seem to reach them.

Today I have decided to release that to the public (full disclosure) as it still works.

Steps to Reproduce the stored XSS:

Go to: http://gameskinny.com and make an account.


Next we visit https://www.gameskinny.com/post/edit to make a thread or article — whichever you prefer to call it.

Now we insert our payload: “><svg/onload=alert(1)> ” and it should look a little something like this:


After that, scroll to the bottom, then click “Save your changes” and click the preview button.

… We get the famous confirm(1) to pop up!


Gif of the POC:


If you wanted to do malicious harm, or grab information that you weren’t supposed to have, then you would use a proper payload. I won’t be sharing that here — SORRY!

You can share your drafts with registered users, who will be able to see your article, and the XSS would execute in their browsers when they view it. You can also send the draft to the Editors by clicking “Send to editors”, which executes the XSS script on them and could hijack their cookies or sessions to do malicious activity.
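As an added example (not from the original post and not GameSkinny's code), the sketch below renders the payload shown above through a template that concatenates stored values and through one that HTML-encodes them at output time, and adds response headers that limit session theft if an encoding step is missed. The `title` field, the markup, the `sid` cookie name and the assumption that the value lands inside a quoted attribute are hypothetical.

```javascript
// Added example: field names, markup and cookie name are hypothetical.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode the five characters that can change the HTML parsing context.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable: the stored value is concatenated into an attribute and into body text.
function renderPreviewUnsafe(post) {
  return `<input name="title" value="${post.title}"><h1>${post.title}</h1>`;
}

// Hardened: same template, every stored value encoded when it is written out.
function renderPreviewSafe(post) {
  const t = escapeHtml(post.title);
  return `<input name="title" value="${t}"><h1>${t}</h1>`;
}

// Defense in depth: the session cookie is unreadable from script, and the
// policy refuses inline handlers such as onload= (no 'unsafe-inline').
function sessionHeaders(sessionId) {
  return {
    'Set-Cookie': `sid=${encodeURIComponent(sessionId)}; HttpOnly; Secure; SameSite=Lax; Path=/`,
    'Content-Security-Policy': "default-src 'self'; script-src 'self'; object-src 'none'",
  };
}

// List the elements a browser would open, honoring quoted attribute values.
function openedTags(html) {
  const tagRe = /<([a-z][a-z0-9]*)(?:"[^"]*"|'[^']*'|[^>"'])*>/gi;
  return [...html.matchAll(tagRe)].map((m) => m[1].toLowerCase());
}

// Constructed draft using the payload shown in the post.
const draft = { title: '"><svg/onload=alert(1)>' };
console.log(openedTags(renderPreviewUnsafe(draft))); // extra svg elements appear
console.log(openedTags(renderPreviewSafe(draft)));   // only the template's own tags
```

Encoding belongs at output time for every context the value is written into, so drafts stored before the fix are also rendered safely.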

Once again, this post is NOT meant to do anything harmful to the website. I am just a security researcher who is trying to help secure your website — other websites as well.

I hope http://gameskinny.com does fix this issue in the future (hopefully very soon) to secure their users’ information.

If you have any questions or comments, feel free to message me on Twitter @Skeletorkeys

Thanks for reading.
