You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
To reproduce, hit an API endpoint that returns a response with a Content-type of <script>alert(1)</script>. The script will be injected into the page and will execute. An example sinatra server is attached that can be used to reproduce. Set /swagger.json as the JSON file, and try the GET /v2/pet/1 call.
The text was updated successfully, but these errors were encountered:
joevennix
changed the title
Response headers are not escaped before passing to curl, allowing for XSS
Response headers are not escaped when generating the curl command, allowing for XSS
Jan 12, 2016
To reproduce, hit an API endpoint that returns a response with a
Content-type
of<script>alert(1)</script>
. The script will be injected into the page and will execute. An example sinatra server is attached that can be used to reproduce. Set/swagger.json
as the JSON file, and try theGET /v2/pet/1
call.The sinatra file can be found here, you will need to
gem install sinatra
before running:https://gist.github.com/joevennix/df28a686471860e0d562
The text was updated successfully, but these errors were encountered: