Inside this function you have an HTML string.
This string has the opening tag <script> and will receive content that the user inserts.
If you place the closing tag of this script, </script>, inside the content you insert, then you will "cheat the code" and you can add a new opening tag <script> and put whatever you want in it.
In your first example <script>alert(1);</script> the result is:
return '<script>console.log("<script>alert(1);</script>");</script>';
where the last </script> is discarded by the browser.
In your second example, you interrupt the console.log syntax and generate HTML with the script tag you inserted, and it ends up like this:
<script>console.log("</script><script>alert(1);</script>");</script>
The first block <script>console.log("</script> gives a syntax error, but the browser still runs the next block, <script>alert(1);</script>, which gives the alert.
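As an added example (not part of the original answer), the sketch below contrasts a concatenating builder like the one the answer describes with a version that escapes the input for both the JavaScript parser and the HTML parser. The function names and the exact shape of the vulnerable function are assumptions; the sample inputs are constructed from the payload shapes discussed in this thread.

```javascript
// Added example: all names here are hypothetical, not from the original post.

// Vulnerable form described in the answer: user input is concatenated
// straight into a string literal inside an inline <script> block.
function renderUnsafe(input) {
  return '<script>console.log("' + input + '");</script>';
}

// Characters the HTML parser (not the JS parser) acts on, plus the two
// line separators that older JS engines reject inside string literals.
const HTML_SENSITIVE = /[<>&\u2028\u2029]/g;

// Serialise as a JS string literal (handles " and \), then rewrite the
// HTML-sensitive characters as \uXXXX escapes so no tag can appear.
function toScriptSafeLiteral(value) {
  return JSON.stringify(String(value)).replace(
    HTML_SENSITIVE,
    (ch) => '\\u' + ch.charCodeAt(0).toString(16).padStart(4, '0')
  );
}

function renderSafe(input) {
  return '<script>console.log(' + toScriptSafeLiteral(input) + ');</script>';
}

// Count the </script end tags an HTML tokenizer would see in the markup.
function countScriptCloses(html) {
  return (html.match(/<\/script/gi) || []).length;
}

// Recover the value the hardened script would log by parsing its literal.
function loggedValue(html) {
  const literal = html.slice('<script>console.log('.length, -');</script>'.length);
  return JSON.parse(literal);
}

// Constructed inputs matching the payload shapes discussed on the page.
const samples = [
  '<script>alert(1);</script>',
  '</script><script>alert(1);</script>',
  '");alert(1)//',
];

for (const s of samples) {
  console.log('unsafe closes:', countScriptCloses(renderUnsafe(s)));
  console.log('safe closes  :', countScriptCloses(renderSafe(s)), renderSafe(s));
}
```

With the hardened builder every sample yields exactly one `</script` in the output, and the logged value is byte-for-byte the original input.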
");alert(1)//– user622
Because what you type becomes a string for console.log(""). It then closes the string with ", closes the method with ), puts a ; for the next command, which is the alert, and then comments out the rest with // so as not to give a script error – user622
Solved your problem?
– durtto
@Gabriels. It might even be ");alert("Done! and still enjoy the quotation marks at the end :) – Bacco