postmanlabs/httpbin

Cross-site Scripting (XSS) - Reflected

danbf opened this issue · 1 comment

danbf commented

Hey,

We've found a Cross-site Scripting (XSS) - Reflected at https://httpbin.org

POC
Navigate to the URL:

https://httpbin.org/base64/ZXhhbXBsZS5vcmciPjxzdmcvb25sb2FkPXByb21wdCgneHNzJyk+
XSS will pop up.

Impact
An attacker is able to execute JavaScript code on users.

danbf commented

The Go port solved this by ensuring a text/plain response is always returned rather than text/html.

mccutchen/go-httpbin#68