This shows you the differences between two versions of the page.
isc:labs:07 [2024/11/18 09:50] florin.stancu |
isc:labs:07 [2024/11/20 10:17] (current) radu.mantu |
||
---|---|---|---|
Line 149: | Line 149: | ||
To workaround that, simply change XSS injection strategy to use ''onerror'' attribute on a invalid image, e.g.: | To workaround that, simply change XSS injection strategy to use ''onerror'' attribute on a invalid image, e.g.: | ||
''%%<img src='/404' onerror='alert("hello")'>%%'' | ''%%<img src='/404' onerror='alert("hello")'>%%'' | ||
+ | </note> | ||
+ | <note warning> | ||
+ | DO NOT EDIT the entire ''%%<div class="ql-editor" contenteditable="true">%%'' element! The JavaScript WISIWYG editor has internal reference to this node, and if you invalidate it, the editor will become broken (and the exploit won't work!!!). | ||
+ | |||
+ | The proper way is to choose a inner ''%%<p>%%'' (just write some random text inside the editor beforehand) and edit that instead! | ||
</note> | </note> | ||
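Review bot: The added warning has a few wording slips: "WISIWYG" should be "WYSIWYG", "has internal reference" reads better as "keeps an internal reference", and "a inner" should be "an inner". The note also names only the ''ql-editor'' element, not where the student performs the edit, so stating the tool or view would make the instruction unambiguous. The unchanged context line at the top of the hunk has the same kind of slip ("To workaround", "a invalid image") and could be fixed in the same revision.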
Line 157: | Line 162: | ||
* Unfortunately, **there's no flag for this one**, you just need to prove you modified the slogan using XSS! | * Unfortunately, **there's no flag for this one**, you just need to prove you modified the slogan using XSS! | ||
- | <spoiler You you've never used JS DOM API: expand> | + | <spoiler If you've never used JS DOM API: expand> |
<code html> | <code html> | ||
// note: you need to concatenate this as a one-liner when injecting as 'onerror' | // note: you need to concatenate this as a one-liner when injecting as 'onerror' |
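Review bot: The block under the corrected spoiler title opens with ''<code html>'', but its first visible line is a ''//'' comment, which is JavaScript syntax and not HTML. If the rest of the block is script, tag it as JavaScript so the highlighting matches the content. The new title would also read better as "If you've never used the JS DOM API".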