Coming soon - Get a detailed view of why an account is flagged as spam!
view details

This post has been de-listed

It is no longer included in search results and normal feeds (front page, hot posts, subreddit posts, etc). It remains visible only via the author's post history.

5
Why is server side XSS such an unexplored bug class?
Post Flair (click to view more posts with a particular flair)
Analysis
Post Body

A lot of web servers typically use rendering engines or headless browsers like phantom to process things like HTML and JavaScript. When the attack class was first discovered it was only shown as a proof of concept in PDF generation but they can crop up in so many more places. There's even things like second order server side XSS where one XSS payload that's stored and shown to clients is escalated to a server side XSS if the server dynamically renders it in a headless browser and executes the HTML or JS on the server. It seems like it's fairly unexplored and would make for an interesting research paper or blog.

Author
User Suspended
Account Strength
0%
Suspended 7 months ago
Account Age
n/a
Verified Email
No
Verified Flair
No
Total Karma
266
Link Karma
n/a
Comment Karma
n/a
Profile updated: 4 days ago
TheCrazyAcademic

Subreddit

r/AskNetsec

Post Details

We try to extract some basic information from the post title. This is not always successful or accurate, please use your best judgement and compare these values to the post title and body for confirmation.
Posted
1 year ago
Reddit URL
View post on reddit.com
External URL
reddit.com/r/AskNetsec/c...