Hello!

On Thu, Dec 26, 2019 at 12:57:49PM -0500, ayman wrote:

> We detected XSS vulnerability when we use 301 or 302 redirections.
>
> How to reproduce?
>
> curl -I -k "http://example.com/test'""'>><svg/onload=alert\`ayman\`>" > ayman.html
>
> open ayman.html and you will get the popup!

You are saving response headers, not the response itself.

--
Maxim Dounin
http://mdounin.ru/
