301/302 XSS vulnerability
ayman
nginx-forum at forum.nginx.org
Thu Dec 26 17:57:49 UTC 2019
Hello,
We detected XSS vulnerability when we use 301 or 302 redirections.
How to reproduce?
curl -I -k "http://example.com/test'""'>><svg/onload=alert\`ayman\`>" >
ayman.html
open ayman.html and you will get the popup!
I tried the below redirections and it's valid on all cases:
- return 301 https://www.exampl.com$request_uri;
- rewrite ^/(.*) https://www.example.com/$1 permanent;
Nginx version: 1.14.2
Is there a fix/workaround for this?
Thanks
Posted at Nginx Forum: https://forum.nginx.org/read.php?2,286600,286600#msg-286600
More information about the nginx
mailing list