OWASP Security Shepherd Project - Cross Site Scripting 2 (XSS Challenge)

Challenge


Solution

First, let's try the three attack vectors provided by the lesson and see what happens in the HTTP response.

We find that onclick is replaced by o.ick, onerror by o.err, and javascript: by javascr.pt!.
Now we would like to know whether "on" or "script" by itself is also blocked by the application.



OK, as the picture above shows, script: is replaced by scr.pt!, but on is not filtered!
Now we can go to w3schools' list of HTML event attributes (https://www.w3schools.com/tags/ref_eventattributes.asp) and check whether any event handler isn't blocked.


By trial and error, I find that onselect is not blocked! So let's input <IMG SRC="#" ONSELECT="alert('XSS')"/>

Cool! We've completed this challenge!
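To make the lesson concrete, here is an added Python example (my own, not code from Security Shepherd or from the original post) that models the blacklist filter observed above and contrasts it with context-aware output encoding. The substitution table is taken from the responses described in this write-up; matching the tokens case-insensitively is an assumption, and the detection regex is a simple illustration rather than a complete HTML parser.

```python
import html
import re

# Blacklist filter modelled on the behaviour observed in the lesson's responses.
# Case-insensitive matching is an assumption; the replacement strings are the
# ones the application returned. Note that "javascript:" is handled before
# "script:" so the longer token is rewritten first.
BLACKLIST_SUBSTITUTIONS = [
    (re.compile(r"onclick", re.IGNORECASE), "o.ick"),
    (re.compile(r"onerror", re.IGNORECASE), "o.err"),
    (re.compile(r"javascript:", re.IGNORECASE), "javascr.pt!"),
    (re.compile(r"script:", re.IGNORECASE), "scr.pt!"),
]

# Constructed sample: the input the write-up found to slip past the filter.
PAYLOAD = "<IMG SRC=\"#\" ONSELECT=\"alert('XSS')\"/>"


def blacklist_filter(user_input):
    """Rewrite only the tokens on the blacklist; everything else passes through."""
    out = user_input
    for pattern, replacement in BLACKLIST_SUBSTITUTIONS:
        out = pattern.sub(replacement, out)
    return out


def encode_for_html_text(user_input):
    """Hardened alternative: encode for the HTML text context instead of
    enumerating bad tokens. < > & " ' all become entities, so no tag or
    attribute the user typed can be interpreted as markup."""
    return html.escape(user_input, quote=True)


# Detection helper for reviewing filter output: does any tag still carry an
# on* event-handler attribute? (Illustrative regex, not a full HTML parser.)
EVENT_HANDLER_IN_TAG = re.compile(r"<[^>]*\son[a-z]+\s*=", re.IGNORECASE)


def contains_event_handler_tag(markup):
    return EVENT_HANDLER_IN_TAG.search(markup) is not None


def compare(user_input):
    """Run both defences on one input and report whether a live handler survives."""
    filtered = blacklist_filter(user_input)
    encoded = encode_for_html_text(user_input)
    return {
        "blacklist_output": filtered,
        "blacklist_still_has_handler": contains_event_handler_tag(filtered),
        "encoded_output": encoded,
        "encoded_still_has_handler": contains_event_handler_tag(encoded),
    }


if __name__ == "__main__":
    for sample in ('<IMG SRC="#" ONCLICK="alert(1)"/>', PAYLOAD):
        for key, value in compare(sample).items():
            print(f"{key}: {value}")
        print()
```

The blacklist neutralises the handlers the lesson names but leaves onselect (and every other handler not on its list) intact, which is exactly why the payload works. Encoding for the output context, as encode_for_html_text does, needs no list of bad tokens at all.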

Reference

w3school - HTML Event Attributes:
https://www.w3schools.com/tags/ref_eventattributes.asp

