December 26, 2019 07:45AM
Hello,

We detected XSS vulnerability when we use 301 or 302 redirections.

How to reproduce?

curl -I -k "http://example.com/test'""'>><svg/onload=alert\`ayman\`>" > ayman.html

open ayman.html and you will get the popup!

I tried the below redirections and it's valid on all cases:

- return 301 https://www.exampl.com$request_uri;

- rewrite ^/(.*) https://www.example.com/$1 permanent;

Nginx version: 1.14.2

Is there a fix/workaround for this?

Thanks
Subject Author Posted

301/302 XSS vulnerability

ayman December 26, 2019 07:45AM

Re: 301/302 XSS vulnerability

Maxim Dounin December 27, 2019 07:44AM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 73
Record Number of Users: 6 on February 13, 2018
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready