Added XXE vulnerability

2021-03-02 20:57:11 +02:00
parent fee6e985c3
commit 1283970bea
6 changed files with 66 additions and 18 deletions
--- a/project1/templates/login.html
+++ b/project1/templates/login.html
@ -8,6 +8,9 @@

    <div style="color:red" id=message></div>

+    <p>
+        Want to abuse the broken access control vulnerability and view all products without logging in? <a href="/?filter=%">Click here</a>
+    </p>
    <script>
        function xss_inject() {
            var img = "https://www.freepnglogos.com/uploads/hacker-png/hacker-interpol-arrests-suspected-anonymous-hackers-motley-5.png";