Skip to content

Instantly share code, notes, and snippets.

@Zapotek

Zapotek/sinatra_xss.rb

Created May 20, 2023 17:47
Show Gist options
  • Save Zapotek/8ced7d589a53f0809d9b4032a0223731 to your computer and use it in GitHub Desktop.
Save Zapotek/8ced7d589a53f0809d9b4032a0223731 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
sinatra_xss.rb
require 'sinatra/base'
class MyApp < Sinatra::Base
def noop
end
def process_params( params )
noop
params.values.join( ' ' )
end
get '/' do
@instance_variable = {
blah: 'foo'
}
local_variable = 1
<<EOHTML
#{process_params( params )}
<a href="?v=stuff">XSS</a>
EOHTML
end
end
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment