
RXSS in The URL Path

Peace be upon you, and the mercy and blessings of God.

Hello everyone, today I am writing about a bug I found in some programs :)

This bug is called Reflected XSS in the URL path,

and it is very easy for everyone to understand.

##################################

Weakness: Cross-site Scripting (XSS) - Generic

Impact: Same impact as any Reflected XSS :)

How we discover this:

In any target you test, you can add some characters to the path after the first slash,

such as these:

http://example.com/'"\>

http://example.com/'\>

http://example.com/"\>

http://example.com/'>

...etc. But I love this (%0A("')) or this (A("'))

After this, we can see something like this image:

[Image: vulnerable page source]

Now we have a bug here.

In this case we now need to exploit this bug to turn it into RXSS.

Exploit:

After adding this to the URL and finding that it is reflected in the target, we need to exploit the bug:

http://example.com/(A("'))

My idea was to add an event handler, since we found that the double quote closes the href on this target.

OK, now we remove the ' and add an event handler,

so the final form looks like this:

http://example.com/(A("onerror='alert(1)'))

But unfortunately this site blocks the brackets after alert.

Now we can use something different in JavaScript: change alert(1) to alert`1`

After this we have a Reflected XSS, which is a good bug for a good bounty :)

Reason for this bug:

The developer includes some attachments by path.

The path is not hard-coded in the source of the page; it is dynamic, because this lets the user change something, but the developer takes this path from the URL sent by the client.
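
The cause described above, as an added example that is not code from this post or from the affected site: a link built from the request path, first unencoded and then with HTML-attribute encoding. The function names, the `/print` suffix and the assumption that the server sees the decoded path are hypothetical.

```javascript
// Added example, not code from the post or the affected site.
// Assumption: the server builds a link from the decoded request path; the
// function names and the "/print" suffix are hypothetical.

// 'Before': the client-supplied path goes into the href attribute as-is.
function renderVulnerable(requestPath) {
  return '<a href="' + requestPath + '/print">Print</a>';
}

// HTML-attribute encoding: quotes, angle brackets, ampersand and backtick
// become entities, so the value cannot terminate the attribute.
function escapeAttr(value) {
  const entities = { "&": "&amp;", '"': "&quot;", "'": "&#39;",
                     "<": "&lt;", ">": "&gt;", "`": "&#96;" };
  return String(value).replace(/[&"'<>`]/g, (ch) => entities[ch]);
}

// 'After': same markup, path encoded for the attribute context.
function renderSafe(requestPath) {
  return '<a href="' + escapeAttr(requestPath) + '/print">Print</a>';
}

// Lists the quoted attributes found in the markup. Anything besides "href"
// means the reflected value escaped its attribute.
function attributeNames(html) {
  const attr = /([^\s"'<>\/=]+)\s*=\s*(?:"[^"]*"|'[^']*')/g;
  return Array.from(html.matchAll(attr), (m) => m[1].toLowerCase());
}

// A constructed benign path, then the two paths from the post
// (written with ASCII quotes).
const samples = [
  "/docs/report",
  "/(A(\"onerror='alert(1)'))",
  "/(A(\"onerror='alert`1`'))",
];

for (const path of samples) {
  console.log(path,
    "| unencoded:", attributeNames(renderVulnerable(path)).join(","),
    "| encoded:", attributeNames(renderSafe(path)).join(","));
}
```

Both paths from the post add an `onerror` attribute in the unencoded version, including the backtick form, which is why blocking the brackets did not help; with encoding the whole path stays inside `href`.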

The End…

I’m sorry for my English language

This post is licensed under CC BY 4.0 by the author.