Wednesday, June 25, 2014

Solution Of XSS Game : Level 4 Context matters

Hi, Everyone.

Level 3 was a little bit tricky, but this level is trickier and you need some knowledge of JavaScript as well. Let's get to the solution quickly.

Description As Per The Game :
Every bit of user-supplied data must be correctly escaped for the context of the page in which it will appear. This level shows why.
Mission Objective Of The Game :
Inject a script to pop up a JavaScript alert() in the application.
Solution To The Game :
This challenge has an input box which accepts a time for the timer. At first let's enter a random number to check which functions are called and what exactly is going on in the app. I first enter the number "3" in the input box; clicking on "Create timer" takes me to another page where, after a 3-second interval, a pop-up box shows up with a time-up message. After having a look at the source of the page I notice a JS function called startTimer which is responsible for handling the input. And then there is another interesting piece of code which we can use to inject our code: <img onload="startTimer('300');" src="/static/loading.gif"></img>

We will be injecting our code into this onload handler. But first let's see if we can escape from the '100' string context inside the onload handler by inserting a single quote ('); it gives us an error in the JS console, which means we have escaped the context and an attack is possible. Now we inject our code using OR (||) in the onload handler. So our injection parameter is 300') || alert ('9 and our full URL is https://xss-game.appspot.com/level4/frame?timer=300') || alert ('9
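To show the point of the level (the value sits inside a JS string literal that itself sits inside an HTML attribute, so it needs escaping for both contexts, inner first), here is an added example that is not the game's own code: the unescaped rendering beside two fixed versions, checked against the payload above. Function names and the 1-4 digit limit are my assumptions.

```javascript
// Added example (not the game's code): render the timer tag three ways and compare
// what the browser would actually hand to the onload handler.

function timerTag(value) {
  // Same shape as the tag shown in the page source, value interpolated where '300' sits.
  return `<img onload="startTimer('${value}');" src="/static/loading.gif">`;
}

// 1. Vulnerable: the raw query parameter is dropped in verbatim (what level 4 does).
function renderTimerUnsafe(timer) {
  return timerTag(String(timer));
}

// 2. Preferred fix: a timer is a number, so refuse anything that is not one.
function renderTimerStrict(timer) {
  if (!/^\d{1,4}$/.test(String(timer))) {
    throw new RangeError('timer must be 1-4 decimal digits');
  }
  return timerTag(String(timer));
}

// 3. General fix for free-form strings: escape for the JS string context first
//    (everything outside a small allowlist becomes \xHH or \uHHHH), then for the
//    HTML attribute context that wraps it.
function escapeJsString(s) {
  return String(s).replace(/[^A-Za-z0-9 _.,-]/g, (c) => {
    const code = c.charCodeAt(0);
    return code < 0x100 ? '\\x' + code.toString(16).padStart(2, '0')
                        : '\\u' + code.toString(16).padStart(4, '0');
  });
}

function escapeHtmlAttr(s) {
  return s.replace(/&/g, '&amp;').replace(/"/g, '&quot;').replace(/'/g, '&#39;')
          .replace(/</g, '&lt;').replace(/>/g, '&gt;');
}

function renderTimerEscaped(timer) {
  return timerTag(escapeHtmlAttr(escapeJsString(timer)));
}

// Helper: the JS source the browser would compile for the onload handler, i.e. the
// attribute value with HTML entities decoded (the HTML parser runs before the JS engine).
function onloadSource(html) {
  const m = /onload="([^"]*)"/.exec(html);
  return m[1].replace(/&quot;/g, '"').replace(/&#39;/g, "'").replace(/&lt;/g, '<')
             .replace(/&gt;/g, '>').replace(/&amp;/g, '&');
}
```

With the page's payload, onloadSource of the unsafe rendering is two statements, while the escaped rendering keeps the whole value inside the single-quoted literal and the strict version rejects it outright.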
