Reflected XSS in canonical link tag

Views: 4,237

z3nsh3ll

A day ago

Comments: 12
@inezcollabs 2 months ago
hey man love your videos i think you're an exceptional teacher, keep up the good work!
@gin767 1 year ago
In my case, is there any reason why the canonical link appeared inside double quotes (and not single quotes)? I am using Chromium integrated in BurpSuite. It was confusing until I intercepted the response in Burp and sure enough, there, the href link is shown enclosed in single quotes. Then I proceeded as you did and solved the lab.
@gin767 1 year ago
I forgot to add, that double quotes are indeed encoded and I couldn't escape the attribute. That's why it was confusing.
@nishantdalvi9470 1 year ago
@gin767 Hey, actually I am a little bit perplexed by how the canonical link of the web page is being set dynamically when we simply append the URL with the ? and an arbitrary string. Is this kind of behavior common in the context of web apps, and if yes, can you name the term which is related to this functionality, so that I can study it in detail?
@gin767 1 year ago
@nishantdalvi9470 I don't understand the exact mechanism myself. I just know that it is not normal behaviour in modern browsers and it is due to lack of input validation. PortSwigger did not explain this vulnerability well... just how to exploit it. Maybe MDN network has a better explanation of how canonical links work. Other than that, I would guess that this is specific to older versions like IE7, for example. Don't take my word for it though.
@falanavictor1986 5 months ago
@gin767 I noticed I am facing the same issue, so how did you bypass this, please? ... I intercepted the request with Burp but still can't get it to prompt in a real browser.
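
What this thread is circling, as an added example (not from the video or from PortSwigger): a server that reflects the request URL into a single-quoted `href` while encoding only double quotes, next to a version that encodes both. The encoder's behaviour is an assumption based on what @gin767 observed in the raw response, and `SAMPLE_URL` and all function names are constructed; browser dev tools re-serialize attributes with double quotes, which is why only the raw response shows the single quotes.

```python
import html
from html.parser import HTMLParser

# Constructed request URL: a harmless marker attribute follows a single quote.
SAMPLE_URL = "https://example.test/?x'data-marker='1"


def weak_encode(value: str) -> str:
    """Assumed server behaviour: encodes & < > and ", but leaves ' untouched."""
    return html.escape(value, quote=False).replace('"', "&quot;")


def render_canonical_weak(url: str) -> str:
    # Single-quoted attribute plus an encoder that ignores ' lets the value end early.
    return "<link rel=\"canonical\" href='" + weak_encode(url) + "'/>"


def render_canonical_hardened(url: str) -> str:
    # html.escape(quote=True) encodes both " (&quot;) and ' (&#x27;).
    return '<link rel="canonical" href="' + html.escape(url, quote=True) + '"/>'


class LinkAttrs(HTMLParser):
    """Records the attributes an HTML parser sees on the <link> tag."""

    def __init__(self):
        super().__init__()
        self.attrs = {}

    def handle_starttag(self, tag, attrs):
        if tag == "link":
            self.attrs = dict(attrs)


def link_attributes(markup: str) -> dict:
    parser = LinkAttrs()
    parser.feed(markup)
    parser.close()
    return parser.attrs


if __name__ == "__main__":
    for render in (render_canonical_weak, render_canonical_hardened):
        markup = render(SAMPLE_URL)
        print(render.__name__, markup, link_attributes(markup), sep="\n  ")
```

In the weak rendering the parser reports an extra `data-marker` attribute that came from the URL; in the hardened rendering the whole URL stays inside `href`.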
@cristiaaaann 1 year ago
Very good explanation, thanks for sharing
@keerthivasan681 1 year ago
Thank you so much for the clear explanation.
@Jonathan-ng4vw 1 year ago
Thanks, please also solve labs from race condition. Your explanation is too good men
@s1k3r4 1 year ago
Nice man! 😎 Thanks for sharing ...
@subhasismaity9434 7 months ago
Please add Hinglish subtitles also!
@leghdaf 11 months ago
Great Content ...