WebApp Sec mailing list archives

HTTP Response URI XSS but not in 302 Body

From: Robert.L.Grill () wellsfargo com
Date: Thu, 1 Jul 2004 12:24:37 -0700

Has anyone had an instance where they saw a successful Cross Site Scripting
Exploit by receiving a script in a URL response but not in the body of the
returned document.

For example:

HTTP/1.1 302 Moved Temporarily
Server: Sun-ONE-Web-Server/6.1
Date: Tue, 29 Jun 2004 00:26:25 GMT
Content-type: text/html
Location:
http://www.website.com/search/tips.jhtml?statusCode=zeroresults&query=hello&;
searchscope=>"><script>alert('XSS')</script>&userQueryCorrected=hello&_reque
stid=10756
Connection: close

<HEAD><TITLE>302 Moved Temporarily</TITLE></HEAD>
<H1>302 Moved Temporarily</H1><BODY>
</BODY>

Thanks,

Bob

Current thread:

HTTP Response URI XSS but not in 302 Body Robert . L . Grill (Jul 01)
- Re: HTTP Response URI XSS but not in 302 Body Tim (Jul 02)
- Re: HTTP Response URI XSS but not in 302 Body Paul Johnston (Jul 02)