Skip to content

0xBenCantCode/Scratched

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

9 Commits
app
app
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
requirements.txt
requirements.txt
 
 

Repository files navigation

Scratched

One-Click itch.io Account Takeover via XSS and OAuth

Details

The markdown editor within itch.io was vulnerable to XSS in edit mode.
When a user accepts an admin invite to a project, they are automatically redirected to the project's home page in edit mode.

This vulnerability allowed an attacker to embed a malicious script in the game’s description, which would make a request to the attacker's GitHub OAuth callback URL—effectively linking the victim's itch.io account to the attacker's GitHub account.

Exploit Flow

  1. Attacker creates a malicious project
  2. Sends an admin invite to the victim
  3. Victim accepts (one-click takeover)
  4. Payload executes automatically
  5. Attacker's GitHub account is linked to the victim's itch.io account

Demo

demo.mp4

Disclaimer: Bug has been patched and itch.io agreed to public disclosure

About

One-click itch.io account takeover via XSS and Oauth.

Resources

Readme

License

GPL-3.0 license
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages