Skip to content
This repository has been archived by the owner on Sep 5, 2018. It is now read-only.

Vulnerability could exists if attributeValue partially contributes to a dangerous protocol #34

Open
adon-at-work opened this issue Apr 10, 2015 · 2 comments
Open

Vulnerability could exists if attributeValue partially contributes to a dangerous protocol #34

adon-at-work opened this issue Apr 10, 2015 · 2 comments
Labels
question

Comments

@adon-at-work
Copy link
Contributor

For example: java{{url}}
@adon-at-work adon-at-work changed the title Vulnerability could exists if attributeValue partially contributes to a dangerous protocol. for example: java{{url}} Vulnerability could exists if attributeValue partially contributes to a dangerous protocol Apr 10, 2015
@neraliu
Copy link
Contributor

neraliu commented Apr 21, 2015

it is an interesting pattern that in theory can bypass any blacklist / whitelist filters. however, if we consider the attribute value context as the whole and trigger the URI parser to parse the string, then we can detect this issue.

@adon-at-work
Copy link
Contributor Author

documented here is another possibility: {{url1}}{{url2}}, where {{url1}} is java and {{url2}} is script:alert(1)

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
question
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@neraliu @adon-at-work