XSS Challenge Journey Level (1-5)

Table of contents

Level 1

Level 2

Level 3

Level 4

Level 5

Level 6

Level 7

Level 1

No filtering at all:

Request the URL directly: http://192.168.8.150:88/level1.php?name=<script>alert(1)</script>

Level passed.

Level 2

First I tried the same payload as in level 1 and found it does not work.

Looking at the page source, < and > are escaped where the input is echoed into the page body, but not where it is echoed into the value attribute of the input box, so the value attribute is the output point to use.

Close the attribute's double quote and the tag on the left, then inject:

"> <script>alert(1)</script>

Level 3

First I tried the same payload as in the previous level and found it does not work.

Looking at the page source, this time all < and > are escaped, but the single quote that delimits the value attribute is not encoded.

So we close the single quote first and write an on-event handler: 'onclick='alert(1). The handler fires when the input box is clicked, and at that point the injection has succeeded.

Level 4

Enter the probe string <SCRscriptIPT>'"()Oonnjavascript; and look at the page source: < and > are stripped, but both single and double quotes survive, and the value attribute is still delimited by double quotes.

We bypass with an on-event handler again, but this time closing with a double quote instead of a single quote:

"onclick="alert(1)

Level 5

Enter the probe string <SCRscriptIPT>'"()Oonnjavascript;

Looking at the page source, on is filtered even in mixed case, so an event handler cannot be built and changing the case does not help.

Use the javascript: pseudo-protocol in a hyperlink to trigger instead: "><a href ="javascript:alert(1)">click me </a>

Click the link to pass the level.

Level 6

Enter the probe string <SCRscriptIPT>'"()Oonnjavascript;

Looking at the page source, the filtering is the same as in the previous level.

Trying the previous level's payload, the link cannot be clicked. A closer look at the source shows that href is now filtered too, so we try changing the case of href.

Pseudo-protocol in a hyperlink, with href in mixed case: "><a hREf ="javascript:alert(/pig/)">click me </a>

Click the link to pass the level.

Level 7

Enter the probe string <SCRscriptIPT>'"()Oonnjavascript;

Looking at the page source, only one script and one on are left from the probe: the filter removes each keyword in a single pass, so we try double writing to bypass it.

Double-write bypass: "><SCRscriptIPT>alert(/pig/)</SCRscriptIPT>

Level passed.
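Levels 5 to 7 illustrate three separate ways a keyword blacklist fails: a rule that never looks at the attribute actually used (href="javascript:"), a rule added with case-sensitive matching, and a rule applied in a single pass. The Python below is an added example, not part of this write-up or of the lab's PHP; filter_level5_style, filter_level6_style and filter_level7_style are constructed models of the behaviour the walkthrough reports (the underscore-insertion and lower-casing details are assumptions), and filter_level7_until_stable shows the one property the level 7 filter is missing.

```python
import re


def _mangle(text: str, token: str, split_at: int, ignore_case: bool) -> str:
    """Break `token` wherever it occurs by inserting an underscore after
    `split_at` characters (on -> o_n), optionally ignoring case."""
    flags = re.IGNORECASE if ignore_case else 0
    return re.sub(
        re.escape(token),
        lambda m: m.group(0)[:split_at] + "_" + m.group(0)[split_at:],
        text,
        flags=flags,
    )


def filter_level5_style(text: str) -> str:
    """Constructed model of level 5: `on` and `<script` are broken regardless
    of case, so handlers are out, but href="javascript:" is never inspected."""
    text = _mangle(text, "on", 1, ignore_case=True)
    return _mangle(text, "<script", 4, ignore_case=True)


def filter_level6_style(text: str) -> str:
    """Constructed model of level 6: level 5 plus an `href` rule, but the new
    rule matches case-sensitively, which is why hREf slips through."""
    return _mangle(filter_level5_style(text), "href", 2, ignore_case=False)


LEVEL7_BLACKLIST = ("script", "on", "href")


def filter_level7_style(text: str) -> str:
    """Constructed model of level 7: lower-case the input, then delete each
    blacklisted word in one pass. Removing the inner `script` from
    SCRscriptIPT leaves a fresh `script` behind."""
    text = text.lower()
    for word in LEVEL7_BLACKLIST:
        text = text.replace(word, "")
    return text


def filter_level7_until_stable(text: str) -> str:
    """The property level 7 lacks: repeat the deletion until the output stops
    changing, so a doubled keyword cannot re-form after one pass."""
    while True:
        stripped = filter_level7_style(text)
        if stripped == text:
            return stripped
        text = stripped


if __name__ == "__main__":
    probe = "<SCRscriptIPT>'\"()Oonnjavascript;"
    for f in (filter_level5_style, filter_level6_style,
              filter_level7_style, filter_level7_until_stable):
        print(f"{f.__name__:27} {f(probe)!r}")
```

Even the stable variant is still a blacklist: it needs a complete list of dangerous tokens and every case variant of them, which is exactly what the earlier levels show slipping through. Output encoding for the context the data lands in (html.escape with quote=True for HTML text and attributes) removes the guessing game entirely.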


Origin blog.csdn.net/m0_52701599/article/details/129435070