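安云网 - AnYun.ORG | Focused on network information gathering, network data sharing, network security research, and all kinds of online curiosities and gossip.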

Bypassing url encoding by browser

Date: 2014-05-10
security, bugs, collector, xss, csrf, xxe, sqli, rce, hacking

Trick #8 - Bypassing url encoding by browser


You may run into a situation where you have found an XSS whose payload must not be URL-encoded by the browser.

For a PoC of this type of XSS, use Internet Explorer. This browser does not URL-encode the data that follows the "?" symbol in a URL, for example:

http://victim/THESE_DATA_WILL_BE_ENCODED?____BUT____THESE____ARE___NOT

You can also prevent URL-encoding of all data in the URL by delivering it through a redirect header. Example in PHP:


header("Location: http://victim/ANY_DATA_HERE_WILL_BE_NOT_ENCODED");
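
The defensive consequence of both cases above, as an added example that is not part of the original page: a server that reflects the request URL into HTML cannot rely on the browser's percent-encoding and has to encode on output. The `/search?q=` route, the function names and the sample request targets are constructed for illustration.

```javascript
// Added example (not from the original page). Models a server that echoes the
// request target into an HTML attribute, e.g. a "permalink" or an error page.

// Constructed request targets carrying the same logical input:
// as sent by a browser that percent-encodes the query string ...
const ENCODED_TARGET = '/search?q=%22%3E%3Cb%3Emarker%3C/b%3E';
// ... and as sent raw (the behaviour the page describes for Internet Explorer,
// or for a browser following an unencoded Location header).
const RAW_TARGET = '/search?q="><b>marker</b>';

// Weak: reflects the target as-is and silently depends on the browser
// having percent-encoded quotes and angle brackets.
function renderWeak(target) {
  return '<a href="' + target + '">permalink</a>';
}

// HTML-escape for element content and quoted attribute values.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Hardened: output encoding is applied regardless of what the client sent.
function renderHardened(target) {
  return '<a href="' + escapeHtml(target) + '">permalink</a>';
}

// Detects whether the reflected value closed the href attribute.
// In safe output the only literal double quotes are the two delimiting href.
function breaksOutOfAttribute(html) {
  return (html.match(/"/g) || []).length !== 2;
}

for (const [name, target] of [['encoded', ENCODED_TARGET], ['raw', RAW_TARGET]]) {
  console.log(name, 'weak breakout:', breaksOutOfAttribute(renderWeak(target)),
    '| hardened breakout:', breaksOutOfAttribute(renderHardened(target)));
}
```

A test suite that only sends percent-encoded requests will report the weak version as safe, so include raw-byte requests when checking reflection points.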



Published at 17 Jan'2014