joefound.bsky.social
@joefound.bsky.social
Interesting quick read on how to use the HTTP Range header to turn “unexploitable” reflected inputs into a fully exploitable XSS. Partial-content requests can serve just the right snippet to make the attack work. #infosec #XSS attackshipsonfi.re/p/exploiting...
Exploiting Reflected Input Via the Range Header
TL;DR Reflected input is often unexploitable because the attack ends up in a place which stops it working, such as inside a quoted attribute.
December 21, 2024 at 8:49 AM