41
gitpush
68d

This is what happens when you decide to send error messages as url value

I'm speechless :\

Comments
  • 7
    Can you send a <script> tag?
  • 7
    @JKamue I am honestly not sure, that's why I did not reveal their url, don't want them to be hacked lol
  • 5
    @JKamue Depends on how the underlying system is parsing the incoming parameters.. But I'd try nonetheless xD
  • 2
    @gitpush hacking with js?
  • 2
    @nitwhiz well I once saw a demo about listing server directory tree from using plain linux commands like ls, cd inside a textbox and sending request to server.
    Not sure what else could be possible
  • 0
    @gitpush these setups on which you can perform such stunts are outrageuosly stupid. On the other hand, error from url.. so.. you got a point.
  • 2
    I know the site, and had to try it out myself, luckily for them the MS thing it's made in does filter the basic xss things, even escaped stuff.
  • 2
    @GTom good good cuz I have to work with it for sometime lol don't you mess it up for me XD
  • 2
    Fucking scary gbh as they are quite popular site.
Your Job Suck?
Get a Better Job
Add Comment