Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- package main
- import (
- "fmt"
- "html"
- "net/http"
- )
- func reflectedXSS(w http.ResponseWriter, r *http.Request) {
- param1 := r.URL.Query().Get("search_value")
- // Fix XSS vulnerability
- // param1 = html.EscapeString(param1)
- fmt.Fprintf(w, `<!DOCTYPE html>
- <html>
- <head>
- <title>ReflectedXSS Demp</title>
- </head>
- <body>
- <p> `+param1+` </p>
- </body>
- </html>`)
- }
- func index(w http.ResponseWriter, r *http.Request) {
- fmt.Fprintf(w, `<!DOCTYPE html>
- <html>
- <head>
- <title>ReflectedXSS Demo</title>
- </head>
- <body>
- <script>
- let user = "admin";
- let password = "password"
- document.cookie = encodeURIComponent(user) + ' ' + encodeURIComponent(password);
- </script>
- <hr>
- <form action="/xss">
- <label for="test">Search:</label>
- <input type="text" id="test" name="search_value"></input>
- <input type="submit"></input>
- </form>
- <hr>
- </body>
- </html>`)
- }
- func main() {
- http.HandleFunc("/xss", reflectedXSS)
- http.HandleFunc("/", index)
- http.ListenAndServe(":3000", nil)
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement