Local File Read via XSS in Dynamically Generated PDF

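Introduction This article describes how XSS can be used to read files on the server and print them into the PDF. https://xyz.com/payments/downloadStatements?Id=b9bc3d&utrnumber=xyz&date... The utrnumber parameter is an XSS injection point. Payload 1: aaaa is found in the downloaded PDF. <p id="test" »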

Story of a JSON XSS

Suppose the following injection_point exists, with content_type: text/html. { "xxx": true, "yyy": [injection_point] } Payload 1 - Failure yyy=test<haha> However, the injection_point HTML-encodes <>. { "xxx" »