[RT-SA-2020-004] Inconsistent Behavior of Go’s CGI and FastCGI Transport May Lead to Cross-Site Scripting

Click the icon to Follow me:- twitterTelegramRedditDiscord

Posted by RedTeam Pentesting GmbH on Sep 02

Advisory: Inconsistent Behavior of Go’s CGI and FastCGI Transport May Lead to Cross-Site Scripting

The CGI and FastCGI implementations in the Go standard library behave
differently from the HTTP server implementation when serving content.
In contrast to the documented behavior, they may return non-HTML data as
HTML. This may lead to cross-site scripting vulnerabilities even if
uploaded data has been validated during upload.

Details
=======…

If you like the site, please consider joining the telegram channel or supporting us on Patreon using the button below.

Patreon

Original Source