External URL in XSS test cases #10
Comments
|
I control this domains and there isn't any thing to worry about you can change them to your URL, source code of the file is: <?php
header("Content-Type: application/javascript");
function cors() {
if (isset($_SERVER['HTTP_ORIGIN'])) {
header("Access-Control-Allow-Origin: {$_SERVER['HTTP_ORIGIN']}");
header('Access-Control-Allow-Credentials: true');
}
if ($_SERVER['REQUEST_METHOD'] == 'OPTIONS') {
if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_METHOD']))
header("Access-Control-Allow-Methods: GET, POST, OPTIONS, PUT, DELETE");
if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS']))
header("Access-Control-Allow-Headers: {$_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS']}");
exit(0);
}
echo "javascript:top.pinghost(1)//<img src=x onerror=top.pinghost(1)>";
}
cors();
?> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
In order to test for XSS vulnerabilities via an Electron application running locally, this project should not use external, out of end-user control XSS payloads hosted on third-party services such as the one present in
xss.html.XSSTRON/xss.html
Line 26 in 02ab3e7
XSSTRON/xssp.html
Line 27 in 02ab3e7
The text was updated successfully, but these errors were encountered: