bypass XSS in redirection

s3c
s3c
Apr 25 · 1 min read

Hello everyone, today i am going to show you how to bypass window.location.href from redirection,

so you may know that we can’t execute code in redirection like window.location.href or other type of redirection,

so how can we execute code in redirection?

to do that we need change the URL to invalid URL like only type http and stop the redirection to execute code,

ok but i can’t handle that URL, i can only change the path of URL.

well, i have found a way that you can change the valid URL to invalid URL in chrome and you can stop that redirection by adding %00 after the path of URL

for example: https://example.com/%00

so if you add window.loaction=”https://example.com/%00" in your code the page will not redirect you in chrome browser.

Video:

https://www.youtube.com/watch?v=10BgC3Zjt1g

demo: http://s3c-krd.tk/xssed.php?path=%2500%27onmouseover=%27window.stop();alert(document.domain)%27style=%27font-size:1000px;background-color:red%27

Note: Please if you can do that in other browsers comment down below

s3c

Written by

s3c