Bringing Back MSIE into action. PATH BASED XSS for the WIN!
Hey,
Recently I asked a few of my fellow connections on LinkedIn whether I should start writing daily posts on security. So here is a good start to that. Jai Shree Ganesha :)
Recently I read a report on HackerOne about path-based XSS.
Read it up here: https://hackerone.com/reports/311467
Basically, nowadays whatever path we visit, e.g. google.com/test"><, most browsers will encode the characters in the path, so they won't be represented as "?><, and the chances of path-based XSS decrease or are nil!
MICROSOFT to the Rescue

Now there is a case, specifically in MSIE/Edge, where the path is not encoded if we reach the target through a 3** (3xx) redirect.
Try visiting a site at https://target.com/test"><> and check the source: if our payload is reflected, it will be encoded. Then try reaching the same URL through a 3** redirect in Edge and you will notice that the payload, which is the path (OFC), is not encoded.
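The takeaway for whoever owns the target is that the page must encode the path on output instead of trusting the browser to have done it. The sketch below is an added example, not code from the report or from any real site: the render functions, the "Retry" link markup and both sample paths are hypothetical and constructed for illustration.

```javascript
// Request paths as the server could receive them (constructed samples).
const ENCODED_PATH = "/test%22%3E%3C"; // browser percent-encoded the path
const RAW_PATH = '/test"><';           // path arrived unencoded (the MSIE/Edge redirect case)

// HTML-escape a value for element and quoted-attribute contexts.
function escapeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Weak: reflects the path as-is and relies on the browser having encoded it.
function renderWeak(path) {
  return `<a href="${path}">Retry</a>`;
}

// Hardened: encodes on output, so the result does not depend on the client.
function renderHardened(path) {
  return `<a href="${escapeHtml(path)}">Retry</a>`;
}

// The template contains exactly two literal double quotes (the attribute
// delimiters). Any other count means the reflected value closed the attribute.
function breaksOutOfAttribute(html) {
  return (html.match(/"/g) || []).length !== 2;
}

// Summarise each renderer against each path form.
function report() {
  return [
    ["weak", "encoded", breaksOutOfAttribute(renderWeak(ENCODED_PATH))],
    ["weak", "raw", breaksOutOfAttribute(renderWeak(RAW_PATH))],
    ["hardened", "encoded", breaksOutOfAttribute(renderHardened(ENCODED_PATH))],
    ["hardened", "raw", breaksOutOfAttribute(renderHardened(RAW_PATH))],
  ];
}

for (const [renderer, pathForm, broken] of report()) {
  console.log(`${renderer} renderer, ${pathForm} path: attribute broken = ${broken}`);
}
```

Only the weak renderer with the raw path breaks the attribute, which is why the page looks safe when tested from browsers that encode the path.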
Thanks for making it through!
Until next time.
Cheers!