Portswigger - Stored XSS into HTML context with nothing encoded solution

728x90

댓글 기능에 저장형 XSS 취약점이 포함되어 있어 alert 함수를 호출하라 한다.

아무 게시물에 들어가 댓글에 <script> alert(0);</script>를 작성해 주면

게시물에 들어갈 때마다 alert함수가 호출된다.

728x90

Portswigger - DOM XSS in jQuery selector sink using a hashchange event solution (0)	2023.09.01
Portswigger - DOM XSS in jQuery anchor href attribute sink using location.search source solution (0)	2023.08.25
Portswigger - DOM XSS in innerHTML sink using source location.search solution (0)	2023.08.25
Portswigger - DOM XSS in document.write sink using source location.search solution (0)	2023.08.24
Portswigger - Reflected XSS into HTML context with nothing encoded solution (0)	2023.08.24

#include<hack.story>