Password reset poisoning via dangling markup


1️⃣ Leaving the <img> tag open

  • Some websites filter JavaScript out of user input.

  • If the <img> tag is left unclosed, a filter that only looks for complete tags may miss it, while the browser's error recovery may still complete the tag and execute the script.

  • Example:

    <img src=x onerror=alert('XSS')
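
An added example (not part of the original page) built on the payload above: a hypothetical filter that strips only complete tags lets the unclosed `<img` through, the page's own next `>` completes it, and HTML-encoding on output prevents this. `render_weak`, `render_hardened` and `event_handlers` are illustrative names, and Python's `html.parser` only approximates a browser's parser.

```python
import html
import re
from html.parser import HTMLParser

# Constructed sample input: the unclosed tag from the example above.
PAYLOAD = "<img src=x onerror=alert('XSS')"

# Hypothetical weak filter: it only recognises complete <...> tags.
COMPLETE_TAG = re.compile(r"<[^<>]*>")


def render_weak(name):
    """Strip complete tags, then place the value in the page unescaped."""
    return "<p>Hello " + COMPLETE_TAG.sub("", name) + "</p>"


def render_hardened(name):
    """Encode on output so the value can never open a tag."""
    return "<p>Hello " + html.escape(name, quote=True) + "</p>"


class HandlerAudit(HTMLParser):
    """Collect (tag, attribute) pairs for on* event-handler attributes."""

    def __init__(self):
        super().__init__()
        self.handlers = []

    def handle_starttag(self, tag, attrs):
        for attr_name, _value in attrs:
            if attr_name.startswith("on"):
                self.handlers.append((tag, attr_name))


def event_handlers(page):
    """Return event-handler attributes a parser finds in the rendered page."""
    audit = HandlerAudit()
    audit.feed(page)
    audit.close()
    return audit.handlers


if __name__ == "__main__":
    for render in (render_weak, render_hardened):
        page = render(PAYLOAD)
        print(render.__name__, page, event_handlers(page))
```

The same `event_handlers` check can run in a test suite over rendered templates to confirm that user-controlled values never produce event-handler attributes.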

2️⃣ Using ?/ in URLs

  • Some websites parse request URLs incorrectly.

  • Appending ?/ to a path might cause the website to return more data than expected.

  • Example:

    https://example.com/email?/

This might expose all emails instead of just one!
