OWASP Security Shepherd Project - Cross Site Scripting 2 (XSS Challenge)
Challenge
Solution
First, let's try the three attack vectors provided by the lesson and see what happens in the HTTP response. We find that onclick is replaced by o.ick, onerror is replaced by o.err, and javascript: is replaced by javascr.pt!.
Now, we would like to know whether "on" or "script" on their own are also blocked by the application.
OK, as the picture above shows, script: is replaced by scr.pt!, but on is not filtered!
Now, we can go to w3schools to find all the possible event attributes (https://www.w3schools.com/tags/ref_eventattributes.asp) and see whether any event is left unblocked.
During trial and error, I find that onselect is not blocked! As a result, let's input <IMG SRC="#" ONSELECT="alert('XSS')"/>.
Cool! We completed this challenge!
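The walkthrough shows why a replace-on-match blacklist is the wrong defence: it catches the handlers its author thought of and nothing else. The following is an added example (not code from Security Shepherd) that models the observed substitutions as a hypothetical blacklist, puts a context-aware encoding fix beside it, and checks which version still lets an event handler reach the page. The blacklist rules are an assumption reconstructed from the responses described above; the real rule set is not known.

```python
import html
import re

# Constructed approximation of the challenge's filter, based only on the
# substitutions observed in the write-up (onclick -> o.ick, onerror -> o.err,
# javascript: -> javascr.pt!, which the script: rule also explains).
# The real application's rules are an assumption here.
BLACKLIST = [
    (re.compile(r"onclick", re.I), "o.ick"),
    (re.compile(r"onerror", re.I), "o.err"),
    (re.compile(r"script:", re.I), "scr.pt!"),
]


def blacklist_filter(user_input: str) -> str:
    """Weak defence: mangle known-bad tokens, leave everything else intact."""
    out = user_input
    for pattern, replacement in BLACKLIST:
        out = pattern.sub(replacement, out)
    return out


def escape_for_html(user_input: str) -> str:
    """Hardened alternative for an HTML text context: encode the characters
    that could open a tag or attribute, so no handler can be injected at all."""
    return html.escape(user_input, quote=True)


# Detection helper: does an on* attribute survive inside a tag in the output?
EVENT_ATTR = re.compile(r"<[^>]*\son[a-z]+\s*=", re.I)


def contains_event_handler(rendered: str) -> bool:
    return EVENT_ATTR.search(rendered) is not None


if __name__ == "__main__":
    # The payload from the write-up and one the blacklist does catch.
    samples = ['<IMG SRC="#" ONSELECT="alert(\'XSS\')"/>',
               "<img src=x onerror=alert(1)>"]
    for s in samples:
        print("blacklist :", blacklist_filter(s),
              "-> handler survives:", contains_event_handler(blacklist_filter(s)))
        print("escaped   :", escape_for_html(s),
              "-> handler survives:", contains_event_handler(escape_for_html(s)))
```

Running it shows the onselect payload passing the blacklist untouched while the onerror one is mangled, and both neutralised by output encoding.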
Reference
w3schools - HTML Event Attributes: https://www.w3schools.com/tags/ref_eventattributes.asp