CSS before redirectSep 08 2003 03:32PM Stephen de Vries (stephen devries dcode net)
Hi all,
I'm looking at an application that seems to be vulnerable to CSS attack,
however, the browser keeps following the redirect before running the
script. The request:
GET /includes?"></a><script>alert('hello')</script> HTTP/1.1
Hi all,
I'm looking at an application that seems to be vulnerable to CSS attack,
however, the browser keeps following the redirect before running the
script. The request:
GET /includes?"></a><script>alert('hello')</script> HTTP/1.1
Results in the following response:
HTTP/1.1 302 Object Moved
L...
[ more ]