Open ArkaprabhaChakraborty opened 2 years ago
Anyone :) any help :). I don't know if this can be attacked or not :).
Hi,
the particular case you quote (https://public-firing-range.appspot.com/escape/serverside/encodeUrl/attribute_name) is indeed not exploitable.
The firing range is a test bed for automated scanners, so we also include unexploitable cases to check for misdetections. But currently this is not very well documented (only internally). I can see what I can do to bring the documentation to the public repository. We have a fix-it in our team mid June so this might be a good item to tackle then :-)
Cheers, Nicolas
That documentation would be much appreciated :)
> We have a fix-it in our team mid June so this might be a good item to tackle then :-)
:)
I have been trying to perform XSS for serverside URL encoding challenges like https://public-firing-range.appspot.com/escape/serverside/encodeUrl/attribute_name but I cannot bypass the encoding. Can I get some help regarding this?