Skip to content

Commit

Permalink
Merge pull request #13 from PortSwigger/safari-special-characters-fix…
Browse files Browse the repository at this point in the history 
…-quot

Safari allows quots as valid subdomain
  • Loading branch information
@d0ge
d0ge authored Sep 26, 2024
2 parents 1048cad + 8c14ecc commit 62d5bc7
Showing 1 changed file with 7 additions and 0 deletions.
7 changes: 7 additions & 0 deletions src/domain_allow_list_bypass.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -106,6 +106,13 @@
"tags": ["URL", "HOST", "CORS"],
"id": "8314214777d8c03c8b560cf05e31b90b35a72100"
},
{
"payload": "<allowed>.\".<attacker>",
"description": "Safari allows \" as subdomain http://<allowed>.\".<attacker>/",
"filters": [],
"tags": ["URL", "HOST", "CORS"],
"id": "3a40c89cb26a9e502030db755f0b7f5a3a0fca95"
},
{
"payload": "<allowed>.(.<attacker>",
"description": "Safari allows ( as subdomain http://<allowed>.(.<attacker>/",
Expand Down

0 comments on commit 62d5bc7

Please sign in to comment.