301/302 XSS vulnerability

ayman nginx-forum at forum.nginx.org
Thu Dec 26 17:57:49 UTC 2019


We detected XSS vulnerability when we use 301 or 302 redirections.

How to reproduce?
curl -I -k "http://example.com/test'""'>><svg/onload=alert\`ayman\`>" >

open ayman.html and you will get the popup!

I tried the below redirections and it's valid on all cases:

 - return 301 https://www.exampl.com$request_uri;
 - rewrite ^/(.*) https://www.example.com/$1 permanent;

Nginx version: 1.14.2

Is there a fix/workaround for this?


Posted at Nginx Forum: https://forum.nginx.org/read.php?2,286600,286600#msg-286600

More information about the nginx mailing list