OWASP Security Shepherd Project - Cross Site Scripting 5 (XSS Challenge)
Challenge
Solution
Following the same logic as in challenge 4, let's see how good the URL validation is. Let's try the input http.
Not working. The web application uses the default URL instead of our input to display the webpage.
Let's move one step forward by trying http:.
It works!! Now we know that http: passes the validation.
We can then ask ourselves how to make the response look something like <a href="http..." onxxx=...>.
Input http://a".b.c to see if it is still able to pass URL validation.
Good! Let's go on and try http://a" onselect=alert('XSS') .b.c.
Well, it seems that nothing is filtered and this should give us an XSS, but it does not. Let's check the response again carefully. We can notice that the second " is in red in the Firebug view, but it should be in blue. As a result, we can guess that the second " is escaped.
Let's input http://a"" onselect=alert('XSS') .b.c.
Great! The challenge is completed.
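From the defender's side, the two gaps this walkthrough relies on are a validator that only checks how the URL starts and quote handling that misses a repeated ". The sketch below is an added example, not Security Shepherd's code: it validates the host against an allow-list pattern and HTML-encodes the value whenever it is written into the href attribute. The function names and the DEFAULT_URL value are assumptions made for illustration.

```python
import html
import re
from urllib.parse import urlsplit

DEFAULT_URL = "https://example.invalid/"  # constructed fallback, stands in for the default link

# Inputs taken from the walkthrough above.
PAGE_INPUTS = [
    "http",
    "http:",
    'http://a".b.c',
    "http://a\" onselect=alert('XSS') .b.c",
    "http://a\"\" onselect=alert('XSS') .b.c",
]

# One DNS label: letters, digits and hyphens, not starting or ending with a hyphen.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")


def is_safe_http_url(value: str) -> bool:
    """Allow-list check: http(s) scheme and a plain DNS host name."""
    # Reject whitespace, control and non-ASCII characters, and anything that
    # could close a quoted attribute or open a tag.
    if any(not ("!" <= c <= "~") or c in "\"'<>`" for c in value):
        return False
    try:
        parts = urlsplit(value)
        host = parts.hostname
    except ValueError:
        return False
    if parts.scheme not in ("http", "https") or not host:
        return False
    return all(_LABEL.fullmatch(label) for label in host.split("."))


def encode_attr(value: str) -> str:
    """HTML-encode & < > " ' so the value cannot leave a quoted attribute."""
    return html.escape(value, quote=True)


def render_link(user_url: str) -> str:
    """Fall back to the default on failed validation; encode in every case."""
    target = user_url if is_safe_http_url(user_url) else DEFAULT_URL
    return f'<a href="{encode_attr(target)}">{encode_attr(target)}</a>'


if __name__ == "__main__":
    for candidate in PAGE_INPUTS + ["http://example.com/a?x=1&y=2"]:
        print(f"{candidate!r:45} -> {render_link(candidate)}")
```

Encoding at output is the control that matters here: even if the validator were bypassed, every " in the value becomes &quot; and the attribute cannot be closed early.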