Hi, Everyone.
It seems that you guys are now working on the XSS game challenge by Google. This post has a solution to level 1 Hello, world of XS.
Description as per the Game :
It seems that you guys are now working on the XSS game challenge by Google. This post has a solution to level 1 Hello, world of XS.
Description as per the Game :
This level demonstrates a common cause of cross-site scripting where user input is directly included in the page without proper escaping.Mission Objective of the Game :
Interact with the vulnerable application window below and find a way to make it execute JavaScript of your choosing. You can take actions inside the vulnerable window or directly edit its URL bar.
Inject a script to pop up a JavaScriptSolution To the Game :alert()in the frame below.
Once you show the alert you will be able to advance to the next level.
The solution is pretty easy, there are no any kind of filtering done to texts we input. So, a simple query <script>alert(9)</script> will pop-up a alert with 9 and the level is done.
No comments:
Post a Comment