Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Response headers are not escaped when generating the curl command, allowing for XSS #1863

Closed
joevennix opened this issue Jan 12, 2016 · 0 comments
Closed

Response headers are not escaped when generating the curl command, allowing for XSS #1863

joevennix opened this issue Jan 12, 2016 · 0 comments
Labels
cat: security P1 type: bug

Comments

@joevennix
Copy link
Contributor

To reproduce, hit an API endpoint that returns a response with a Content-type of <script>alert(1)</script>. The script will be injected into the page and will execute. An example sinatra server is attached that can be used to reproduce. Set /swagger.json as the JSON file, and try the GET /v2/pet/1 call.

The sinatra file can be found here, you will need to gem install sinatra before running:
https://gist.github.com/joevennix/df28a686471860e0d562
@joevennix joevennix changed the title Response headers are not escaped before passing to curl, allowing for XSS Response headers are not escaped when generating the curl command, allowing for XSS Jan 12, 2016
@joevennix joevennix mentioned this issue Jan 13, 2016
Merged
@ghost ghost mentioned this issue Jan 16, 2017
Closed
@mend-bolt-for-github mend-bolt-for-github bot mentioned this issue Apr 25, 2020
Open
@mend-bolt-for-github mend-bolt-for-github bot mentioned this issue Jan 3, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
cat: security P1 type: bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@webron @joevennix