
Friday, December 23, 2016

[Medium] HTML Injection - Reflected (POST)


# Introduction

bWAPP → Medium → HTML Injection - Reflected (POST)


# Training

As before, I did the exercise without referring to the source code. When I input the value used in the previous step, it is output as plain text, as follows.


So I checked the input values sent to the server using Burp Suite.


I found that the value passed to the server is encoded (`<` and `>` are encoded to `%3C` and `%3E`). If I input these values, I thought that a specific function of html_post.php would encode them once and pass them to the server. If I visualize what I think, it is as follows.


When I input the value, it was passed to the server as follows.


When I forwarded the values, I could use HTML tags.
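
An added example, not part of the original post or of bWAPP's code: a Python model of a filter that escapes `<` and `>` and then URL-decodes the result, next to a version that escapes only at output. The escape-then-decode order is an assumption (the post was written without the source), and the function names and sample values are constructed for illustration.

```python
import html
import re
from urllib.parse import unquote

# Assumed model of the Medium-level check (not shown in the post):
# escape angle brackets, then URL-decode the result a second time.
def escape_then_decode(value: str) -> str:
    escaped = value.replace("<", "&lt;").replace(">", "&gt;")
    return unquote(escaped)  # decoding after escaping re-creates raw < and >

# Hardened form: no extra decode; escape at the point of output.
def escape_for_output(value: str) -> str:
    return html.escape(value, quote=True)

# Detection helper: a value that still holds percent-encoded angle brackets
# after the framework's single decode was encoded more than once.
RESIDUAL = re.compile(r"%(?:25)*3[ce]", re.IGNORECASE)

def looks_double_encoded(value: str) -> bool:
    return bool(RESIDUAL.search(value))

# Hypothetical page fragment that reflects the filtered value.
def render(value: str, filt) -> str:
    return "<p>Welcome " + filt(value) + "</p>"

# Constructed sample values, as the application sees them after the
# framework has already decoded the POST body once.
SAMPLES = [
    "<b>bee</b>",          # plain tags
    "%3Cb%3Ebee%3C/b%3E",  # tags still percent-encoded after one decode
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(repr(s))
        print("  escape, then decode :", render(s, escape_then_decode))
        print("  escape at output    :", render(s, escape_for_output))
        print("  flagged for review  :", looks_double_encoded(s))
```

With the second sample, the first filter finds nothing to escape and its own decode step produces the tags, while the output-escaping version reflects the percent-encoded text literally.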


