: I found some weird exploit I call it 'Meta-jacking'. So this website I found has a meta with content="" and whatever you type in the description displays your text in the content. So I took

I call it 'Meta-jacking'.

So this website I found has a meta with content="" and whatever you type in the description displays your text in the content. So I took advantage of this and typed:

0;//wwww.google.com"http-equiv="refresh"

and sure enough it redirected to google, is this some sort of XSS?

10.01% popularity Vote Up Vote Down

: SEO and dynamic structured data (microdata) I'm wanting to have a very limited amount of structured data (ideally microdata) added using javascript, especially using the document's lastModified

@Marchetta884

Posted in: #JsonLd #Microdata #Seo #StructuredData

1 Comments

: Will Google skip nav tags when considering what content to use as page descriptions? Pre-HTML5 we used div and ul tags to markup navigation bars and a lot of times the navigation is at the

@Marchetta884

Posted in: #GoogleSearch #Html5 #Navigation #Serps

4 Comments

: What is the next step of creating a Django website after "startproject mySite"? I would like to start web designing using django! but Whenever i type "django-admin.py startproject mySite" in cmd

@Marchetta884

Posted in: #301Redirect #Dns #Google #Search

1 Comments

: Can I set up alerts for when a CDN is down? My client use a CDN on their website. Sometimes the CDN is not properly working and images aren't loading. Can I automatically get a notification

@Marchetta884

Posted in: #Cdn #Notification

2 Comments

Login to post a comment!

1 Comments

Sorted by latest first Latest Oldest Best

@Goswami781

Yes, that's pretty much a textbook example of XSS. When a site takes input and then serves it back to you in an executable manner, the site is vulnerable because a ne'er-do-well can direct a victim to the legitimate website in such a way that malicious code is "injected" into the session. The user thinks they are safe because the site is legitimate, HTTPS encrypted, etc. -- but since they were sent there by a malicious source leveraging the XSS vulnerability, the session is compromised.

This is exactly why we tell people not to click links in email.

10% popularity Vote Up Vote Down

Feed

: I found some weird exploit I call it 'Meta-jacking'. So this website I found has a meta with content="" and whatever you type in the description displays your text in the content. So I took

More posts by @Marchetta884

: SEO and dynamic structured data (microdata) I'm wanting to have a very limited amount of structured data (ideally microdata) added using javascript, especially using the document's lastModified

: Will Google skip nav tags when considering what content to use as page descriptions? Pre-HTML5 we used div and ul tags to markup navigation bars and a lot of times the navigation is at the

: What is the next step of creating a Django website after "startproject mySite"? I would like to start web designing using django! but Whenever i type "django-admin.py startproject mySite" in cmd

: Can I set up alerts for when a CDN is down? My client use a CDN on their website. Sometimes the CDN is not properly working and images aren't loading. Can I automatically get a notification

Login to post a comment!

1 Comments

Back to top | Use Dark Theme