hi :D
but in headers, content-type: text/html, this allowed to execute HTML tags in this page , so I've created an XML file with XSS payload and upload it on my website https://knassar702.github.io/xss.xml
this my write up about my bug I've found on ibm.com, first I get URLs from web.archive.org on ibm.com by using waybackurls tool and I got this URL
https://www-356.ibm.com/partnerworld/wps/servlet/pwdyn/pw/rss/rsstojson.jsp?ccdb=no&rssurl=https://www-2000.ibm.com/file.xml&_=1596170198353
this endpoint include XML file from rssurl parameter and covert the content from XML to jsonp
and add the link of the file in rssurl parameter
test
ReplyDelete