sbehrens / sleepy-puppy

Deprecated please use https://github.com/Netflix/sleepy-puppy
94 stars 24 forks

Incorrect Payload Content-type #5

Closed moloch-- closed 9 years ago

moloch-- commented 9 years ago

The XSS payload content-type is text/html instead of text/javascript:

HTTP/1.0 200 OK
Content-Length: 135570
Content-Type: text/html; charset=utf-8
Date: Tue, 28 Jul 2015 23:39:32 GMT
Server: Werkzeug/0.10.4 Python/2.7.6

/*! jQuery v1.9.1 | (c) 2005, 2012 jQuery Foundation, Inc. | jquery.org/license
//@ sourceMappingURL=jquery.min.map
*/
if(typeof jQuery == 'undefined'){

sbehrens commented 9 years ago

Thanks @moloch-- I'll take a look at adding the right content type for the JS file.

sbehrens commented 9 years ago

Fixed in dev branch.
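
The check this issue implies, as an added example that is not part of the original thread or the sleepy-puppy code base: it parses a raw response head and reports whether a resource meant to load as a script is served with a JavaScript MIME type. `ISSUE_HEAD` reuses the headers quoted above, `FIXED_HEAD` is a constructed "after" sample, and the function names are hypothetical.

```python
# Added example: audit a raw HTTP response head for a script resource.

# JavaScript MIME type essences from the WHATWG MIME Sniffing standard.
JS_MIME_TYPES = {
    "application/ecmascript", "application/javascript",
    "application/x-ecmascript", "application/x-javascript",
    "text/ecmascript", "text/javascript", "text/jscript", "text/livescript",
    "text/x-ecmascript", "text/x-javascript",
} | {"text/javascript1.%d" % n for n in range(6)}

# Response head quoted in the issue (body omitted).
ISSUE_HEAD = (
    "HTTP/1.0 200 OK\r\n"
    "Content-Length: 135570\r\n"
    "Content-Type: text/html; charset=utf-8\r\n"
    "Date: Tue, 28 Jul 2015 23:39:32 GMT\r\n"
    "Server: Werkzeug/0.10.4 Python/2.7.6\r\n"
    "\r\n"
)
# Constructed "after" sample: the same head with a corrected type.
FIXED_HEAD = ISSUE_HEAD.replace("text/html", "text/javascript")


def parse_head(raw):
    """Return (status_code, {lowercased-header-name: value})."""
    head = raw.split("\r\n\r\n", 1)[0]
    status_line, _, block = head.partition("\r\n")
    headers = {}
    for line in block.split("\r\n"):
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return int(status_line.split()[1]), headers


def audit_script_response(raw):
    """List problems with serving this response as a <script> source."""
    _, headers = parse_head(raw)
    ctype = headers.get("content-type")
    if ctype is None:
        return ["missing Content-Type"]
    # Compare only the type/subtype, ignoring parameters such as charset.
    essence = ctype.split(";", 1)[0].strip().lower()
    findings = []
    if essence not in JS_MIME_TYPES:
        findings.append("non-JavaScript MIME type: " + essence)
        if headers.get("x-content-type-options", "").lower() == "nosniff":
            findings.append("nosniff set: browsers will refuse to run it")
    return findings
```

The second finding matters when the response also carries `X-Content-Type-Options: nosniff`, since browsers then block a script whose type is not a JavaScript MIME type.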