Readers can refer to and subscribe to the column: Xss-Labs range offensive and defensive practice
Approach
Backend logic:
str33 is the injection point. str33 is the filtered form of str11, and str11 is the User-Agent request header.
The User-Agent header is therefore the attack point, and the POC is constructed there:
value type="test" onclick=alert(1)
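The following PHP sketch is an added example, not the lab's source code: it reflects a User-Agent value into a hidden input's value attribute, once through a filter assumed to strip only angle brackets and once through htmlspecialchars with ENT_QUOTES, then lists the attributes each output parses into. The function names, the field name ua, the assumed filter and the sample header value are all constructed for illustration.

```php
<?php
// Added example. In a real page the value would come from
// $_SERVER['HTTP_USER_AGENT']; here it is passed in so the script runs offline.

// Weak (assumed filter): only angle brackets are removed, so a double quote
// in the header still closes value="..." and the rest becomes new attributes.
function render_weak(string $ua): string
{
    $filtered = str_replace(['<', '>'], '', $ua);
    return '<input name="ua" value="' . $filtered . '" type="hidden">';
}

// Hardened: encode for the HTML attribute context, quotes included.
function render_hardened(string $ua): string
{
    $encoded = htmlspecialchars($ua, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input name="ua" value="' . $encoded . '" type="hidden">';
}

// Parse the markup and return the attribute names found on the <input>.
function attribute_names(string $html): array
{
    $doc = new DOMDocument();
    libxml_use_internal_errors(true);   // keep parser warnings off the output
    $doc->loadHTML($html);
    libxml_clear_errors();

    $names = [];
    $input = $doc->getElementsByTagName('input')->item(0);
    foreach ($input->attributes as $attr) {
        $names[] = $attr->name;
    }
    return $names;
}

// Constructed header value containing a double quote and an event handler.
$sample = 'Mozilla/5.0" onclick="alert(1)';

$outputs = [
    'weak'     => render_weak($sample),
    'hardened' => render_hardened($sample),
];
foreach ($outputs as $label => $html) {
    echo $label, ': ', $html, PHP_EOL;
    echo '  attributes: ', implode(', ', attribute_names($html)), PHP_EOL;
}
```

An event-handler attribute in the weak output's attribute list, and its absence from the hardened one, is the check to look for when reviewing any code that echoes request headers into markup.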
Summary
That concludes the detailed walkthrough of [Network Security] xss-labs level-12; the detailed walkthrough of [Network Security] xss-labs level-13 will be shared later.
I am Qiu said, see you next time.