
【xss-quiz】 Stage - 1

 2 years ago
source link: https://exp-blog.com/safe/ctf/xss-quiz/stage-1/


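Note: xss-quiz does not let you skip stages; they have to be completed in order.


An easy one. The task is to execute the JS script alert(document.domain);

It is easy to see that whatever is entered into the Search box is written to the page directly, without any filtering: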

01.png

So it is enough to enter the following payload into the Search box and click the Search button to complete the challenge.

```html
<script>alert(document.domain);</script>
```

02.png

This stage cannot be completed with Chrome (it gets blocked), but it can be completed with Firefox.

03.png
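
The unfiltered reflection described above, next to an output-encoded version and a regression check for it. This is an added example, not code from the original post or from the xss-quiz site; the response markup and the names `renderSearchUnsafe`, `renderSearchSafe`, `escapeHtml` and `reflectsRawMarkup` are assumptions made for illustration.

```javascript
// Added example. The response template below is constructed; the real
// markup of the challenge page is not shown in the write-up.

// Mirrors the behaviour described above: the search term is concatenated
// into the response with no filtering or encoding.
function renderSearchUnsafe(query) {
  return `<p>No results for: <b>"${query}"</b></p>`;
}

// HTML-encode the characters that can change the parsing context in
// element content and in quoted attribute values.
function escapeHtml(text) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Same page, but the user-controlled value is encoded at the point of output.
function renderSearchSafe(query) {
  return `<p>No results for: <b>"${escapeHtml(query)}"</b></p>`;
}

// Regression check for a renderer: send a harmless marker that contains
// markup metacharacters and report whether it comes back unencoded.
function reflectsRawMarkup(render) {
  const probe = `<i data-probe="x'1">&`; // constructed, inert marker
  return render(probe).includes(probe);
}

// The payload from the write-up, used only as input to the two renderers.
const stagePayload = "<script>alert(document.domain);</script>";

console.log(renderSearchUnsafe(stagePayload)); // markup survives intact
console.log(renderSearchSafe(stagePayload));   // rendered as inert text
console.log(reflectsRawMarkup(renderSearchUnsafe), reflectsRawMarkup(renderSearchSafe));
```
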

payload: Download

