Welcome! Log In Create A New Profile

Advanced

Re: 301/302 XSS vulnerability

Maxim Dounin
December 27, 2019 07:44AM
Hello!

On Thu, Dec 26, 2019 at 12:57:49PM -0500, ayman wrote:

> We detected XSS vulnerability when we use 301 or 302 redirections.
>
> How to reproduce?
>
> curl -I -k "http://example.com/test'""'>><svg/onload=alert\`ayman\`>" >
> ayman.html
>
> open ayman.html and you will get the popup!

You are saving response headers, not the response itself.

--
Maxim Dounin
http://mdounin.ru/
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Subject Author Posted

301/302 XSS vulnerability

ayman December 26, 2019 07:45AM

Re: 301/302 XSS vulnerability

Maxim Dounin December 27, 2019 07:44AM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 84
Record Number of Users: 6 on February 13, 2018
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready