Cenzic 232 Patent
Paid Advertising
sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
Q and A for any cross site scripting information. Feel free to ask away. 
Go to Topic: PreviousNext
Go to: Forum ListMessage ListNew TopicSearchLog In
HTTP 302 + Location + XSS
Posted by: choronzon
Date: September 15, 2012 05:07AM

Hi folks,

I found an XSS like this:

HTTP/1.1 302 Found
Server: Apache
Content-Type: text/html; charset=ISO-8859-1
Location: http://localhost/<script>alert(123)</script>

<a href='http://localhost/<script>alert(123)</script>'>http://localhost/<script>alert(123)</script></a>

but, I can't obtain js execution.. is there any way to let the browser render the html/execute the payload before performing the redirection ?

Thanks

Options: ReplyQuote
Re: HTTP 302 + Location + XSS
Posted by: Albino
Date: September 22, 2012 05:14AM

Opera only:

Location: data:text/html,<svg/onload=alert(document.domain)>

Have you tried injecting http headers?

-------------------------------------------------------
Research blog

Options: ReplyQuote
Re: HTTP 302 + Location + XSS
Posted by: choronzon
Date: September 30, 2012 08:20AM

The app is not vulnerable to header injection :,-(

Any other suggestions?

Thanks.

Options: ReplyQuote


Sorry, only registered users may post in this forum.