[Network Security] xss-labs level-11 problem-solving analysis
Readers can refer to and subscribe to the column: Xss-Labs target range, offensive and defensive practice
Technique
Backend logic code:
The htmlspecialchars function converts special characters into their corresponding HTML entities, so str00 cannot be used as an injection point.
str33 turns out to be the injection point: it is the filtered form of str11, and str11 is the Referer request header.
Therefore, a POC can be constructed in the Referer request header:
value type="test" onclick="alert(1)"
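To make the contrast concrete, here is an added example (not the lab's own code) that puts the two treatments side by side: a filter that only strips angle brackets, as the write-up describes for the Referer value, versus htmlspecialchars with ENT_QUOTES. The hidden-input markup and the exact filter are assumptions; the Referer value is constructed to match the shape of the POC above.

```php
<?php
// Added example, not code from the xss-labs project. It models the pattern
// the write-up describes: an attacker-controlled request header that ends up
// inside an HTML attribute value.

// Assumed weak filter: only "<" and ">" are removed. A double quote survives,
// so the attribute boundary is still under the sender's control.
function strip_angle_brackets(string $value): string {
    return str_replace(['<', '>'], '', $value);
}

// Hardened form: encode for the attribute context. ENT_QUOTES also covers
// single quotes, which the default flags left untouched before PHP 8.1.
function attr_encode(string $value): string {
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Assumed rendering: the filtered Referer is written into a hidden input.
function render_hidden(string $referer, callable $filter): string {
    return '<input name="t_ref" value="' . $filter($referer) . '" type="hidden">';
}

// Check a defender can run in a unit test: after filtering, no raw double
// quote may remain, otherwise the value can close the attribute early.
function attribute_stays_closed(string $filtered): bool {
    return strpos($filtered, '"') === false;
}

// Constructed Referer header value, shaped like the POC in the write-up.
$referer = '" type="test" onclick="alert(1)';

foreach (['strip_angle_brackets', 'attr_encode'] as $fn) {
    $out = $fn($referer);
    printf("%-22s attribute closed: %s\n  %s\n", $fn,
        attribute_stays_closed($out) ? 'yes' : 'no',
        render_hidden($referer, $fn));
}
```

Running it shows the stripped version rendering as three attributes (value, type, onclick) while the encoded version keeps the whole Referer inside a single value attribute; the same check applies to any header or parameter that is reflected into markup.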
Summary
The above is the detailed analysis of [Network Security] xss-labs level-11; the detailed analysis of [Network Security] xss-labs level-12 will be shared later.
I am Qiu said, see you next time.