This repository has been archived by the owner on Jan 10, 2023. It is now read-only.

serverside/encodeUrl XSS fails #31

Open
ArkaprabhaChakraborty opened this issue Apr 10, 2022 · 4 comments

Comments

@ArkaprabhaChakraborty

I have been trying to perform XSS for serverside URL encoding challenges like https://public-firing-range.appspot.com/escape/serverside/encodeUrl/attribute_name but I cannot bypass the encoding. Can I get some help regarding this?

@ArkaprabhaChakraborty
Author

Anyone :) any help :). I don't know if this can be attacked or not :).

@qll
Contributor

qll commented May 19, 2022

Hi,

the particular case you quote (https://public-firing-range.appspot.com/escape/serverside/encodeUrl/attribute_name) is indeed not exploitable.

The firing range is a test bed for automated scanners, so we also include unexploitable cases to check for misdetections. But currently this is not very well documented (only internally). I can see what I can do to bring the documentation to the public repository. We have a fix-it in our team mid June so this might be a good item to tackle then :-)

Cheers,
Nicolas
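
Added example, not part of the thread or of the Firing Range code: a check a scanner can run before reporting a reflection in an attribute-name context, so that an encoded reflection like the one discussed above is not reported as a finding. `urllib.parse.quote_plus` stands in for the server's URL encoder and the `<a ...>` template is constructed; both are assumptions, since the page shows neither.

```python
from urllib.parse import quote_plus

# Characters that end an attribute name in the HTML tokenizer
# (attribute-name state): tab, LF, FF, space, "/", ">" and "=".
ATTR_NAME_TERMINATORS = set("\t\n\x0c />=")


def server_encode(value: str) -> str:
    """Assumed stand-in for the server-side URL encoder."""
    return quote_plus(value)


def render(reflected: str) -> str:
    """Constructed template that reflects input as an attribute name."""
    return '<a {}="x">link</a>'.format(reflected)


def surviving_terminators(probe: str, encode=server_encode) -> set:
    """Terminator characters still present after the encoder has run."""
    return ATTR_NAME_TERMINATORS & set(encode(probe))


def classify_reflection(probe: str, body: str, encode=server_encode) -> str:
    """Classify how a probe came back in a response body.

    inconclusive: probe has no terminator, so it cannot test the boundary
    raw:          probe came back unencoded, needs manual review
    review:       encoded, but some terminator survived the encoder
    encoded:      encoded and no terminator survived, do not report
    absent:       probe not reflected at all
    """
    if not ATTR_NAME_TERMINATORS & set(probe):
        return "inconclusive"
    if probe in body:
        return "raw"
    if encode(probe) in body:
        return "review" if surviving_terminators(probe, encode) else "encoded"
    return "absent"


if __name__ == "__main__":
    probe = "x y=z/>"  # constructed probe covering several terminators
    print(server_encode(probe))
    print(classify_reflection(probe, render(server_encode(probe))))
    print(classify_reflection(probe, render(probe)))
```
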

@psiinon

psiinon commented May 19, 2022

That documentation would be much appreciated :)

@ArkaprabhaChakraborty
Author

> We have a fix-it in our team mid June so this might be a good item to tackle then :-)

:)
