table of Contents
0X01 environment construction
Use PhpStudy to build a micro community program-ROCBOSS
0X02 Directional XSS mining
XSS vulnerabilities can exist in personal data, article publication or comment, etc.
The unknown function of publishing articles is entityized by HTML, and XSS cannot be continued
0X03 blacklist audit
The location of the private message is not materialized, and XSS can be performed, but it is filtered by the blacklist.
No filtering details and ontaggle
0X04 Bypass filtering and trigger XSS
Known programs filter javascript and construct Payload.
"><details open οntοggle=eval("\x6a\x61\x76\x61\x73\x63\x72\x69\x70\x74\x3aalert('xss')")><"
Please leave a message if you need source code