当前位置：网站首页>XSS challenge (6-10) more detailed answers

XSS challenge (6-10) more detailed answers

2022-06-30 14:18:00 【Huaxi GG】

LEVEL 6

Insert picture description here
After capturing the package of this question, it is found that the keyword has been replaced ,script src on All replaced
000
The words here , You can try to bypass the case “><iframe Src=javascript:alert(/xss/)”>
So neat , You can go through （ It did , I didn't cut it off -_-)
Insert picture description here
LEVEL 7

Conventional thinking , Clostridium input Build after tag script label ">

Find out script Deleted

Try double write bypass ">alert(/xss/)

LEVEL 8

Insert picture description here

f12 Found entered in url Has been inserted in the following links
So try it directly javascript:alert(/xss/)

Find out javascript Replaced , After many attempts , Find out src script And other fields are replaced
So the use of TAB Tab bypass %09

js You can insert tabs in the links of the code without affecting the operation
payload: javascr%09ipt:alert(/xss/)
Insert picture description here

LEVEL 9

Insert picture description here
Compared with the last one , Added http:// Field detection , The only way to get around here is to use comments and add http://
payload: javascript:alert(/xss/)//http://
there r Used html Entity encoding is used to bypass the pair script The escape of , As used before to filter sensitive characters specialchars() Will be <> Such characters are converted into entity codes
Insert picture description here

LEVEL 10

Found after testing <> Encoded by entities , There is only one output point , But after many attempts, I still can't pass , So check f12
Insert picture description here
Found that there was a form Forms , So build payload
123&t_sort=test" type=“text” οnmοuseοut="alert(/xss/)
Pop-up window