
【XSS-Game】 Level 1 - Hello, world of XSS

 2 years ago
source link: https://exp-blog.com/safe/ctf/xss-game/level-1-hello-world-of-xss/

Hello, world of XSS


Type anything into the Search box, e.g. exp; the page redirects to the output page ?query=exp and echoes the search term back onto the page.

[Image: 01.png]

Testing the input <img src=0 />, the page outputs it directly without any filtering:

[Image: 02.png]

That makes it easy: just construct the payload directly:

<script>alert("exp")</script>

[Image: 03.png]
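To make the defect concrete, here is an added example (not the game's or the author's code) contrasting a hypothetical search handler that reflects the query verbatim with one that HTML-escapes it before output; the probe and payload from the writeup are used as constructed inputs, and the page template text is assumed.

```python
import html

# Constructed inputs taken from the writeup: the harmless probe and the payload.
PROBE = '<img src=0 />'
PAYLOAD = '<script>alert("exp")</script>'


def render_vulnerable(query: str) -> str:
    """Hypothetical search page that reflects ?query= verbatim (the Level 1 bug).
    Whatever the user typed becomes part of the HTML document."""
    return f'<html><body><h1>Results for: {query}</h1></body></html>'


def render_fixed(query: str) -> str:
    """Same page with the user-controlled value escaped for an HTML text context.
    quote=True also escapes quotes, so the value is safe inside attribute values."""
    return f'<html><body><h1>Results for: {html.escape(query, quote=True)}</h1></body></html>'


def reflects_raw_markup(render, probe: str = PROBE) -> bool:
    """Detection check: does the rendered page contain the probe's markup unchanged?
    True means the value reached the HTML unescaped, i.e. reflected XSS is likely."""
    return probe in render(probe)


if __name__ == '__main__':
    for name, render in (('vulnerable', render_vulnerable), ('fixed', render_fixed)):
        print(f'{name}: reflects raw markup = {reflects_raw_markup(render)}')
        print('   ' + render(PAYLOAD))
```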
