[Network Security] Detailed analysis of xss-labs level-5 problem solving

Readers can refer to and subscribe to the column: Xss-Labs range attack and defense practice


Approach

Backend logic:

(screenshot of the backend source)

The input is converted to lowercase, str_replace() rewrites "<script" to "<scr_ipt" and "on" to "o_n", and htmlspecialchars() is used to filter "<" and ">".

Build the payload as a hyperlink:

"> <a href=javascript:alert("qiushuo")>秋说</a> <"

The leading "> and the trailing <" are used to close the preceding tag. The href attribute value is javascript:, so when the link is clicked the browser executes the JavaScript it contains, which here appears as a pop-up window.
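The following Python block is an added model of the filter the page describes and is not the xss-labs PHP source. It rebuilds the echoed input element two ways: with the blocklist filter exactly as the page describes it (lowercase, str_replace of "<script" and "on", no quote encoding inside the attribute), and with an htmlspecialchars(ENT_QUOTES)-style escape of the whole value. A small html.parser pass then reports which tags the browser would see and whether any href starts with javascript:, which is the check a reviewer or a WAF rule would want. The element name "keyword", the function names and the helper class are assumptions made for this example; the payload string is the one from the page.

```python
import html
from html.parser import HTMLParser

# Payload taken from the page above (the page's own string, not a new one).
PAYLOAD = '"> <a href=javascript:alert("qiushuo")>秋说</a> <"'


def level5_filter(keyword: str) -> str:
    """Blocklist filter as the page describes it (assumed reconstruction):
    lowercase, then rewrite '<script' and 'on'. Quotes are left untouched."""
    s = keyword.lower()
    s = s.replace("<script", "<scr_ipt")
    s = s.replace("on", "o_n")
    return s


def render_weak(keyword: str) -> str:
    """Echo the filtered value into an attribute without encoding quotes.
    The element shape is assumed; only the filter logic follows the page."""
    return '<input name="keyword" value="' + level5_filter(keyword) + '">'


def render_hardened(keyword: str) -> str:
    """Same element, but the value is escaped like htmlspecialchars($s, ENT_QUOTES):
    html.escape(quote=True) encodes & < > " and ' so the attribute cannot close."""
    return '<input name="keyword" value="' + html.escape(keyword.lower(), quote=True) + '">'


class TagCollector(HTMLParser):
    """Collects start tags and any href whose value begins with 'javascript:'."""

    def __init__(self) -> None:
        super().__init__()
        self.tags: list[str] = []
        self.js_hrefs: list[str] = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        for name, value in attrs:
            if name == "href" and value and value.strip().lower().startswith("javascript:"):
                self.js_hrefs.append(value)


def analyse(markup: str) -> tuple[list[str], list[str]]:
    """Return (tag names seen, javascript: hrefs seen) for a rendered fragment."""
    p = TagCollector()
    p.feed(markup)
    p.close()
    return p.tags, p.js_hrefs


def tags_in(markup: str) -> list[str]:
    return analyse(markup)[0]


def javascript_hrefs(markup: str) -> list[str]:
    return analyse(markup)[1]


if __name__ == "__main__":
    for label, render in (("weak", render_weak), ("hardened", render_hardened)):
        out = render(PAYLOAD)
        print(label, "->", out)
        print("  tags:", tags_in(out), "javascript: hrefs:", javascript_hrefs(out))
```

Running it shows the weak rendering producing two elements (the input plus an injected anchor with a javascript: href) while the hardened rendering yields a single input whose value is inert text. The design point is that a blocklist on substrings such as "<script" and "on" says nothing about the attribute context the value lands in; context-correct output encoding (quotes included) is what keeps the value inside the attribute.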

After clicking Search, the page echoes:

(screenshot of the echoed page)

Result:

(screenshot of the alert pop-up)


Summary

The above is the detailed analysis of [Network Security] xss-labs level-5 problem solving; the detailed analysis of [Network Security] xss-labs level-6 problem solving will be shared later.

I am Qiushuo (秋说), see you next time.


Origin: blog.csdn.net/2301_77485708/article/details/132078298