stackoom
  简体   繁体   中英

Reflacted Cross Site Scripting

 原文  2019-12-15 06:01:41       javascript/ json/ xss/ payload

Question

What is the meaning of - before an alert(1) and what is the meaning of // at the end of code? 

<script>
                    var searchTerms = '\\'-alert(1)//';
                    document.write('<img src="/resources/images/tracker.gif?searchTerms='+encodeURIComponent(searchTerms)+'">');
                </script>

1 answers

solution1
 0  2019-12-15 09:34:06

It means to essentially get the negative of the (non-existent) return value of alert(1) .

The last part appears to be an empty regex also serving to escape out the final single quote.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question cross site scripting in JavaScript cross site scripting with Iframe cross-site scripting XMLHttpRequest cross site scripting? Cross site scripting: DOM Cross site scripting? Cross site scripting help? Cross Site Scripting injection Cross Site Scripting Issue Cross site scripting forms
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM