wisec
commented
7 years ago Thank you @zoro25 , confirmed and filed
Open zoro25 opened 7 years ago
wisec
commented
7 years ago Thank you @zoro25 , confirmed and filed
If you first decode aHR0cDovL3d3dy5uby1tYXJnaW4tZm9yLWVycm9ycy5jb20vcHJvamVjdHMvcHJldHR5UGhvdG8tanF1ZXJ5LWxpZ2h0Ym94LWNsb25lLyNzaW5nbGUtaW1hZ2UtZGVtbz8jcHJldHR5UGhvdG89LzxpbWcgc3JjPXggb25lcnJvcj1jb25maXJtKDkpIC8+PiY= (I've Base64 encoded URL so it doesn't show up in search results) and then visit in BCDetect you'll see that the main detect page marks the location.href as exploitable and also decoded, but when you look at history you'll see that it's now changed its mind about both flow0 and flow1 to be not exploitable and decoded. Not a major issue just a strange inconsistency