Question about an XSS exercise

Asked

Viewed 100 times

5

Guys, I wanted to understand the logic of the following XSS challenge I was doing.

When I enter <script>alert(1);</script> it does not work, but when I enter </script><script>alert(1);</script> the message appears. Why?

The code below generates HTML in an unsafe way. Prove it by calling alert(1).

function escape(s) {   // Warmup.
    return '<script>console.log("'+s+'");</script>';
}

Link challenge: http://escape.alf.nu/0/

  • ");alert(1)//

  • 1

    Because what you type becomes a string inside console.log(""). So you close the string with ", close the call with ), put a ; to start the next command, which is the alert, and then comment out the rest with // so there is no script error.

  • Solved your problem?

  • @Gabriels. It could even be ");alert("Done! and still make use of the quotation marks at the end :)

1 answer

1

Inside this function you have an HTML string.

This string has the opening <script> tag and will receive the content that the user inserts.

If you put the closing tag of this script, </script>, inside the content you insert, you "trick the code" and can add a new opening <script> tag and put whatever you want in it.

In your first example <script>alert(1);</script> the result is:

    return '<script>console.log("<script>alert(1);</script>");</script>';

where the last </script> is discarded by the browser.

In your second example, you interrupt the console.log syntax and generate HTML with the script tag you inserted, which ends up like this:

    <script>console.log("</script><script>alert(1);</script>");</script>

The first block <script>console.log("</script> gives a syntax error, but the browser still runs the next block <script>alert(1);</script>, which shows the alert.
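To make the answer above concrete, here is an added example (it is not code from the original post or from the challenge site, apart from the challenge's own escape function). It models the one rule that decides both payloads: once the HTML parser is inside <script>, it consumes raw text up to the first literal </script> and knows nothing about JavaScript strings or comments. The scriptBlocks, fires and analyse helpers, and the hardened escapeSafe variant, are assumptions made for illustration; alert and console are stubbed so the blocks can be executed offline.

```javascript
// Added example, not the challenge's code except for escape() itself.

// The challenge's vulnerable function, kept exactly as posted.
function escape(s) {
  return '<script>console.log("' + s + '");</script>';
}

// Minimal model of the HTML tokenizer's "script data" state (assumption for
// illustration): after <script>, take raw text up to the first literal
// </script>, regardless of any JavaScript quotes or comments in between.
// Returns the JavaScript source of each script block found in the markup.
function scriptBlocks(html) {
  const blocks = [];
  const re = /<script>([\s\S]*?)<\/script>/gi;
  let m;
  while ((m = re.exec(html)) !== null) blocks.push(m[1]);
  return blocks;
}

// Execute one block the way a browser would, with alert and console stubbed.
// A block that does not parse (e.g. an unterminated string) never runs, just
// as the browser skips it with a SyntaxError and moves on to the next block.
function fires(src) {
  let fired = false;
  const alertStub = (x) => { if (x === 1) fired = true; };
  const consoleStub = { log() {} };
  try {
    new Function('alert', 'console', src)(alertStub, consoleStub);
  } catch (e) {
    return { runs: false, fired: false };
  }
  return { runs: true, fired };
}

// Build the page with the given template function, split it into script
// blocks, and report for each block whether it runs and whether alert(1) fired.
function analyse(build, payload) {
  return scriptBlocks(build(payload)).map((src) => ({ src, ...fires(src) }));
}

// Hardened variant (assumption, not the challenge's fix): serialize the value
// as JSON so quotes and backslashes are escaped, then replace every "<" with
// the JavaScript escape \u003c. The string still decodes to "<" inside the
// script, but the HTML parser can no longer see a "</script>" end tag in it.
function escapeSafe(s) {
  const js = JSON.stringify(s).replace(/</g, '\\u003c');
  return '<script>console.log(' + js + ');</script>';
}

// Walk through the three payloads from the question and comments.
const payloads = [
  '<script>alert(1);</script>',           // one block, unterminated string: nothing runs
  '</script><script>alert(1);</script>',  // two blocks: first breaks, second alerts
  '");alert(1)//',                        // one block, stays valid JS: alerts
];
for (const p of payloads) {
  console.log(JSON.stringify(p), analyse(escape, p));
}
console.log('hardened:', analyse(escapeSafe, payloads[1]));
```

Running it shows the first payload yields a single block that fails to parse, the second yields two blocks of which only the second runs, and the comment-style payload yields one valid block that calls alert. With escapeSafe the same </script> payload stays inside one script block and only reaches console.log as data. The regex model is enough for this challenge; a real tokenizer also stops on variants such as </SCRIPT > and is the reason "<" rather than just "</" is escaped here.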
