Hi, Everyone.
So, you are now done with the solution of Level 1: Hello, World of XSS. The next level you will have to deal with is Level 2: Persistence is Key. This post has a solution to Google's XSS game Level 2: Persistence is Key.
Description as per the Game :
Web applications often keep user data in server-side and, increasingly, client-side databases and later display it to users. No matter where such user-controlled data comes from, it should be handled carefully.
Mission Objective of the Game :
This level shows how easily XSS bugs can be introduced in complex apps.
Inject a script to pop up an alert() in the context of the application.
Note: the application saves your posts so if you sneak in code to execute the alert, this level will be solved every time you reload it.
Solution To The Game :
There are several ways to solve this XSS problem. There is a status box for sharing a status, and it doesn't filter tags like <a></a>, so there is an easy way to exploit XSS using a mouse-hover event handler on an <a> tag. So, I go to the input box and enter this query: <a onmouseover="alert(9);" href="#">Place mouse here</a> . Now hover the mouse over the text "Place mouse here" and you should get an alert box with 9 in it.
This level can be solved using several other methods too, such as using the onerror attribute of the <img> tag. The query <img src=x onerror=alert(9)> will also give an alert box with 9 in it.
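The fix for the missing filtering described above is to encode stored posts at the point they are written into the page. The following is an added example, not code from the game or from this post; PostStore, renderUnsafe, renderSafe and unexpectedTags are hypothetical names, and the in-memory store is an assumed stand-in for the level's saved posts.

```javascript
// Added example: stored-XSS rendering, unsafe vs. escaped. All names are hypothetical.

// The two inputs quoted in the post above.
const PAYLOADS = [
  '<a onmouseover="alert(9);" href="#">Place mouse here</a>',
  '<img src=x onerror=alert(9)>',
];

// Stand-in for the level's saved posts (assumption: a simple list).
class PostStore {
  constructor() { this.posts = []; }
  save(text) { this.posts.push({ text, date: Date.now() }); }
  all() { return this.posts.slice(); }
}

// Vulnerable pattern: stored text is concatenated into markup unchanged,
// so every later page load re-parses it as HTML.
function renderUnsafe(store) {
  return store.all().map(p => `<blockquote>${p.text}</blockquote>`).join('\n');
}

// Encode the five characters that matter in HTML text and attribute contexts.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, c => HTML_ESCAPES[c]);
}

// Hardened pattern: encode on output, where the data enters the HTML.
function renderSafe(store) {
  return store.all().map(p => `<blockquote>${escapeHtml(p.text)}</blockquote>`).join('\n');
}

// Regression check: list any tags other than the template's own <blockquote>.
function unexpectedTags(html) {
  const tags = html.match(/<\/?[a-zA-Z][^>]*>/g) || [];
  return tags.filter(t => !/^<\/?blockquote>$/.test(t));
}

const store = new PostStore();
PAYLOADS.forEach(p => store.save(p));
console.log('unsafe:', unexpectedTags(renderUnsafe(store)));
console.log('safe:  ', unexpectedTags(renderSafe(store)));
```

A check like unexpectedTags can run in a unit test against the rendered template so that a change which drops the encoding step is caught before release.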