CGI (Common Gateway Interface) is essentially an API, but differs in that it is meant for lower-level operations. For the purposes of this article, FastCGI and CGI refer to libraries in the Go language.
Differences between parsers can cause major security issues in an application. This is a well-known fact! In HTTP, another example of this is HTTP Request Smuggling.
When something is requested through the CGI directly, the default Content-Type (the type of the file being sent) is NOT png or anything else. Instead, it defaults to text/html. See where this is going?
Because the default type is text/html, anything called directly through the CGI is now vulnerable to XSS if the content can be controlled.
This is super interesting because it is an XSS on ALL sites that use this functionality, not just one particular site!
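One way to keep a handler from ever depending on the gateway's default type, shown as an added example that is not code from the article or from the Go project. The names `typeGuard`, `WithExplicitType` and `HeadersFor` are hypothetical, the `application/octet-stream` fallback is an assumed policy choice, and `httptest` stands in for a real CGI or FastCGI gateway.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
)

// typeGuard pins a Content-Type before the first byte is written.
type typeGuard struct{ http.ResponseWriter }

func (g typeGuard) pin() {
	if g.Header().Get("Content-Type") == "" {
		g.Header().Set("Content-Type", "application/octet-stream") // assumed non-HTML fallback
	}
	g.Header().Set("X-Content-Type-Options", "nosniff")
}
func (g typeGuard) WriteHeader(c int)           { g.pin(); g.ResponseWriter.WriteHeader(c) }
func (g typeGuard) Write(b []byte) (int, error) { g.pin(); return g.ResponseWriter.Write(b) }

// WithExplicitType (hypothetical) wraps a handler before cgi.Serve or fcgi.Serve.
func WithExplicitType(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		g := typeGuard{ResponseWriter: w}
		next.ServeHTTP(g, r)
		g.pin() // covers handlers that wrote nothing
	})
}

// HeadersFor serves body through the guard and returns the resulting headers.
// declared is the type the handler sets itself; "" models a handler that forgets.
func HeadersFor(body []byte, declared string) (ctype, sniff string) {
	h := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if declared != "" {
			w.Header().Set("Content-Type", declared)
		}
		w.Write(body)
	})
	rec := httptest.NewRecorder()
	WithExplicitType(h).ServeHTTP(rec, httptest.NewRequest("GET", "/avatar", nil))
	return rec.Header().Get("Content-Type"), rec.Header().Get("X-Content-Type-Options")
}

func main() {
	// Both bodies are constructed samples: controllable content, then a PNG signature.
	fmt.Println(HeadersFor([]byte("<script>/* constructed */</script>"), ""))
	fmt.Println(HeadersFor([]byte("\x89PNG\r\n\x1a\n"), "image/png"))
}
```

A handler that already declares its type keeps it; only the undeclared case falls back, and it falls back to a type browsers will not render as HTML.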