  1. package main
  2.  
import (
	"fmt"
	"html"
	"log"
	"net/http"
	"time"
)
  8.  
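// reflectedXSS echoes the "search_value" query parameter back inside an
// HTML page.
//
// The parameter is attacker-controlled, so it is HTML-escaped before it is
// placed in the <p> element; the original demo left that step commented out,
// which is exactly what made the endpoint a reflected-XSS sink. The page is
// written with fmt.Fprint rather than fmt.Fprintf so that '%' characters in
// the user input are never interpreted as format verbs.
func reflectedXSS(w http.ResponseWriter, r *http.Request) {
	param1 := r.URL.Query().Get("search_value")
	// Neutralise <, >, &, ' and " so the reflected value is rendered as text
	// rather than parsed as markup or script.
	safe := html.EscapeString(param1)
	// Escaping is only correct for the declared content type, so state it
	// explicitly instead of relying on content sniffing.
	w.Header().Set("Content-Type", "text/html; charset=utf-8")
	fmt.Fprint(w, `<!DOCTYPE html>
    <html>
    <head>
        <title>ReflectedXSS Demo</title>
    </head>
    <body>
    <p> `+safe+` </p>
    </body>
    </html>`)
}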
  23.  
// index serves the landing page of the reflected-XSS demo: a search form
// that submits "search_value" to /xss via GET.
//
// The inline <script> stores hard-coded demo credentials in document.cookie.
// A cookie written from script cannot carry the HttpOnly flag, so it is
// readable by any script that runs on this origin — which is the impact the
// /xss handler is meant to demonstrate.
func index(w http.ResponseWriter, r *http.Request) {
	const page = `<!DOCTYPE html>
    <html>
    <head>
        <title>ReflectedXSS Demo</title>
    </head>
    <body>
    <script>
        let user = "admin";
        let password = "password"
        document.cookie = encodeURIComponent(user) + ' ' + encodeURIComponent(password);
    </script>
    <hr>
    <form action="/xss">
        <label for="test">Search:</label>
        <input type="text" id="test" name="search_value"></input>
        <input type="submit"></input>
    </form>
    <hr>
    </body>
    </html>`
	// The page is fully static (no format verbs), so plain Fprint suffices.
	fmt.Fprint(w, page)
}
  46.  
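// main registers the two demo handlers and serves them on port 3000.
//
// The server is constructed explicitly rather than through
// http.ListenAndServe so that header/read/write/idle timeouts are set (the
// default server has none, which leaves it open to slow-client connection
// exhaustion) and so that a failure to bind the port is reported instead of
// being silently discarded.
func main() {
	// Handlers stay on http.DefaultServeMux, matching the original wiring.
	http.HandleFunc("/xss", reflectedXSS)
	http.HandleFunc("/", index)

	srv := &http.Server{
		Addr:              ":3000",
		Handler:           http.DefaultServeMux,
		ReadHeaderTimeout: 5 * time.Second,
		ReadTimeout:       10 * time.Second,
		WriteTimeout:      10 * time.Second,
		IdleTimeout:       60 * time.Second,
	}
	// ListenAndServe only returns on error; surface it instead of exiting 0.
	log.Fatal(srv.ListenAndServe())
}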
  54.  