from parameter pollution to XSS
I’m going to talk about XSS I found on a website.
I noticed that on clicking on any link on the main page it will redirect the user to a page to make sure that the user is aware that this will redirect him/her to another website. the URL looks like this: <redacted>/intersticial.aspx?dest=http://whitelistedWebsite.com
I concluded that the parameter accepts any scheme but a whitelisted website must be added to the scheme.
/intersticial.aspx?dest=data://whitelistedWebsite.com → Accepted
/intersticial.aspx?dest=http://google.com → not Accepted
I tried to add %0a%0d which adds a newline but redirected to a forbidden page.
after that Regex immediately came to my thought for those who don’t know about regex it is a sequence of characters that define a search pattern and can be used at almost any programming language.
so the URL became
Then I noticed that there is a comma added to the URL then added an alert function on the second parameter value and once I clicked acceptar