We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
https://(domain)/prefix/(node)/ipv4?q=%22%2balert(document.domain)%2b%22
Example from the domain: https://(domain)/prefix/(node)/ipv4?q=%22%2balert(document.domain)%2b%22
Arbitrary Javascript Code alert(document.domain) is executed. This can leverage to leak cookies, or even run malicious code on the victim's browser.
alert(document.domain)
The text was updated successfully, but these errors were encountered:
Looks like the same issue as #63, fixed in #82 one year ago? Can you confirm?
Sorry, something went wrong.
Seems like the same issue was described back in #18
I've installed the latest version and it seems to be fixed.
I found this issue while testing some servers on the internet, but I couldn't confirm as there was no current version displayed on the service
Thanks !
No branches or pull requests
Expected Behavior
https://(domain)/prefix/(node)/ipv4?q=%22%2balert(document.domain)%2b%22
Example from the domain: https://(domain)/prefix/(node)/ipv4?q=%22%2balert(document.domain)%2b%22
Actual Behavior
Arbitrary Javascript Code
alert(document.domain)
is executed.This can leverage to leak cookies, or even run malicious code on the victim's browser.
The text was updated successfully, but these errors were encountered: