This app is vulnerable to reflected XSS

How to run:

git clone https://github.com/ScottNeaves/refl-xss-vuln
cd refl-xss-vuln
docker-compose build
docker-compose up
curl 127.0.0.1:5000/hello?greeting=your_greeting

Spoiler Below!

The attack string is "PHM8c2NyaXB0PmNyaXB0PmFsZXJ0KDEpPC9zPC9zY3JpcHQ%2BY3JpcHQ%2B", which is the url-encoded b64-encoded version of this: "<s<script>cript>alert(1)</s</script>cript>"

Note: another way to bypass chrome's XSS protections besides requiring b64-encoded query parameter and then decoding it would have been just to pass back the X-XSS-Protection header with a value of 0: https://stackoverflow.com/questions/43249998/chrome-err-blocked-by-xss-auditor-details

Name		Name	Last commit message	Last commit date
Latest commit History 12 Commits
app		app
.gitignore		.gitignore
Dockerfile		Dockerfile
README.md		README.md
docker-compose.yml		docker-compose.yml

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

This app is vulnerable to reflected XSS

How to run:

Spoiler Below!

About

Releases

Packages

Languages

ScottNeaves/refl-xss-vuln

Folders and files

Latest commit

History

Repository files navigation

This app is vulnerable to reflected XSS

How to run:

Spoiler Below!

About

Topics

Resources

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages