
Conversation

@AyushXtha
Contributor

Template / PR Information

The vulnerability is Reflected XSS in go-httpbin due to unrestricted client control over Content-Type. The go-httpbin framework is vulnerable to XSS as the user can control the response Content-Type from a GET parameter. This allows an attacker to execute cross-site scripts in the victim's browser.

Template Validation

I've validated this template locally?

  • YES
  • NO

Additional Details (leave it blank if not applicable)

shodan-query:
  - html:"https://github.com/mccutchen/go-httpbin"
  - title:"httpbingo.org"

@GeorginaReeder

Thanks for your contribution @AyushXtha ! :)

@DhiyaneshGeek DhiyaneshGeek self-assigned this Mar 24, 2025
@DhiyaneshGeek DhiyaneshGeek added the good first issue and Done labels and removed the Done label Mar 24, 2025
@DhiyaneshGeek DhiyaneshGeek added the Done label Mar 24, 2025
@AyushXtha
Contributor Author

Hello @DhiyaneshGeek @pussycat0x ,
This change ("Server": [) will not cover all the test cases. For example: https://httpbin.org/response-headers?Content-Type=text/html&Server=%3Cimg/src/onerror=alert()%3E

[Screenshot attached: 2025-03-24, 6:22:43 PM]

@DhiyaneshGeek
Member

DhiyaneshGeek commented Apr 1, 2025

Hi @AyushXtha

Can you share FN results which don't contain

"Server": [

Because as far as I know, it contained the "Server": [ keyword.

Looking forward to hearing back from you.

Thanks

@AyushXtha
Contributor Author

Hello @DhiyaneshGeek ,
The FN results which don't contain

"Server": [

are:

https://httpbin.org/response-headers?Content-Type=text/html&Server=%3CS%3Eprojectdisocvery
https://httpbin.yurplan.com/response-headers?Content-Type=text/html&Server=%3CS%3EprojectDISCOVERy
https://httpbin-8964.expat.com/response-headers?Content-Type=text/html&Server=%3CS%3EprojectDISCOVERy
[Screenshot attached: 2025-04-01, 3:51:50 PM]
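The false negative discussed above comes down to what the matcher keys on: a body substring like "Server": [ only appears when the endpoint renders header values as JSON arrays, while the actual security condition is that the reflected probe reaches the browser unescaped in a body served as text/html. The script below is an added example written for this page, not the PR's template or go-httpbin's own code. It runs offline against hand-built responses that stand in for /response-headers?Content-Type=text/html&Server=<probe>; the Response class, the function names and the four body shapes are assumptions for illustration (the "scalar-form" body is constructed to show a reflection that lacks "Server": [, as the hosts listed above do; it is not a capture from them).

```python
import json
from dataclasses import dataclass

# Probe string used in the thread's false-negative URLs (URL-decoded).
MARKER = "<S>projectDISCOVERy"


@dataclass
class Response:
    """Minimal stand-in for an HTTP response: status, response headers, body text."""
    status: int
    headers: dict
    body: str


def content_type_is_html(resp: Response) -> bool:
    """True when a browser would render the body as HTML (charset and other parameters ignored)."""
    media_type = resp.headers.get("Content-Type", "").split(";", 1)[0].strip().lower()
    return media_type == "text/html"


def narrow_matcher(resp: Response, marker: str = MARKER) -> bool:
    """Matcher shape the thread discusses: additionally requires the literal '"Server": ['.
    That substring exists only when header values are rendered as JSON arrays, so a scalar
    rendering of the very same reflection is reported as not vulnerable (the false negative)."""
    return content_type_is_html(resp) and '"Server": [' in resp.body and marker in resp.body


def reflected_xss(resp: Response, marker: str = MARKER) -> bool:
    """Broader check: HTML media type plus the probe reflected unescaped anywhere in the body.
    It does not depend on the body layout, only on the raw angle brackets surviving."""
    return content_type_is_html(resp) and marker in resp.body


def _escape_angle_brackets(text: str) -> str:
    """Mimic a JSON encoder that escapes <, > and & inside strings (\\u003c, \\u003e, \\u0026)."""
    return text.replace("<", "\\u003c").replace(">", "\\u003e").replace("&", "\\u0026")


def build_samples(marker: str = MARKER) -> dict:
    """Constructed responses for the example (not captured from any live host)."""
    html_headers = {"Content-Type": "text/html", "Server": marker}
    list_body = json.dumps({"Content-Type": ["text/html"], "Server": [marker]}, indent=2)
    scalar_body = json.dumps({"Content-Type": "text/html", "Server": marker}, indent=2)
    return {
        # Header values rendered as arrays: the body contains '"Server": ['.
        "list-form": Response(200, dict(html_headers), list_body),
        # Same reflection, single values rendered as plain strings: no '"Server": [' anywhere.
        "scalar-form": Response(200, dict(html_headers), scalar_body),
        # Hardened encoder: the probe survives only as \u003cS\u003e..., so no markup is injected.
        "html-escaped": Response(200, dict(html_headers), _escape_angle_brackets(list_body)),
        # Server keeps its own Content-Type header (JSON): reflected, but the browser won't render it.
        "json-only": Response(200, {"Content-Type": "application/json"}, list_body),
    }


if __name__ == "__main__":
    for name, resp in build_samples().items():
        print(f"{name:13} narrow={narrow_matcher(resp)!s:5} broad={reflected_xss(resp)}")
```

Run as-is it prints one line per sample; the "scalar-form" row is the case where the narrow matcher says False while the broader check says True, and the "html-escaped" and "json-only" rows show that checking only for the probe substring, without the Content-Type condition, would itself over-report. In a nuclei template the same two conditions map to a header matcher on Content-Type and a body word matcher on the probe, combined with AND.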

@DhiyaneshGeek
Member

Hi @AyushXtha

I have updated the template; let me know if this looks good.

Thanks

@pussycat0x pussycat0x merged commit 83bcc19 into projectdiscovery:main Apr 2, 2025
3 checks passed
@AyushXtha AyushXtha deleted the httpbin branch April 2, 2025 10:51