Web Bug on Lua Webpage

lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

Subject: Web Bug on Lua Webpage
From: Jonathan Burkett <jmb4704@...>
Date: Fri, 13 Sep 2019 02:06:13 +0000 (UTC)

Hello developers,

I've recently encountered a bug on the https://lua.org/demo.html webpage. This allows for manipulation of webpage text through the Lua compiler. I ran the code:

function a()

print(('Unnatural Lua Behavior\n'):rep(6))

end

debug.sethook(a,'c',1)

a()

This spams 'Unnatural Lua Behavior' to the output as well as overrides the message at the bottom with repetitions. This likely is open for the ability to run xss within the webpage body.

Hope y'all take care,

-Jonathan

Follow-Ups:
- Re: Web Bug on Lua Webpage, Egor Skriptunoff
- Re: Web Bug on Lua Webpage, Luiz Henrique de Figueiredo

Prev by Date: Re: Bug in the Lua 5.3 manual
Next by Date: Re: Web Bug on Lua Webpage
Previous by thread: Re: Bug in the Lua 5.3 manual
Next by thread: Re: Web Bug on Lua Webpage
Index(es):
- Date
- Thread