![Marchetta884](https://vmapp.org/images/player/000default.jpg)
: I found some weird exploit I call it 'Meta-jacking'. So this website I found has a meta with content="" and whatever you type in the description displays your text in the content. So I took
I call it 'Meta-jacking'.
So this website I found has a meta with content="" and whatever you type in the description displays your text in the content. So I took advantage of this and typed:
0;//wwww.google.com"http-equiv="refresh"
and sure enough it redirected to google, is this some sort of XSS?
More posts by @Marchetta884
1 Comments
Sorted by latest first Latest Oldest Best
Yes, that's pretty much a textbook example of XSS. When a site takes input and then serves it back to you in an executable manner, the site is vulnerable because a ne'er-do-well can direct a victim to the legitimate website in such a way that malicious code is "injected" into the session. The user thinks they are safe because the site is legitimate, HTTPS encrypted, etc. -- but since they were sent there by a malicious source leveraging the XSS vulnerability, the session is compromised.
This is exactly why we tell people not to click links in email.
Terms of Use Create Support ticket Your support tickets Stock Market News! © vmapp.org2025 All Rights reserved.