Differences

This shows you the differences between two versions of the page.


isc:labs:07 [2024/11/18 09:50]
florin.stancu
isc:labs:07 [2024/11/20 10:17] (current)
radu.mantu
Line 149: Line 149:
 To workaround that, simply change XSS injection strategy to use ''​onerror''​ attribute on a invalid image, e.g.: To workaround that, simply change XSS injection strategy to use ''​onerror''​ attribute on a invalid image, e.g.:
 ''​%%<​img src='/​404'​ onerror='​alert("​hello"​)'>​%%''​ ''​%%<​img src='/​404'​ onerror='​alert("​hello"​)'>​%%''​
 +</​note>​
 +<note warning>
 +DO NOT EDIT the entire ''​%%<​div class="​ql-editor"​ contenteditable="​true">​%%''​ element! The JavaScript WISIWYG editor has internal reference to this node, and if you invalidate it, the editor will become broken (and the exploit won't work!!!).
 +
 +The proper way is to choose a inner ''​%%<​p>​%%''​ (just write some random text inside the editor beforehand) and edit that instead!
 </​note>​ </​note>​
  
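Review bot: In the added warning, "WISIWYG" is a misspelling of "WYSIWYG", and two phrases need an article fix: "has internal reference" should be "has an internal reference", and "choose a inner" should be "choose an inner". The parenthetical "(and the exploit won't work!!!)" would read better with a single exclamation mark. Consider also adding one clause on how editing the whole ql-editor element invalidates the editor's reference, so the instruction to edit an inner p element instead is self-explanatory.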
Line 157: Line 162:
   * Unfortunately,​ **there'​s no flag for this one**, you just need to prove you modified the slogan using XSS!   * Unfortunately,​ **there'​s no flag for this one**, you just need to prove you modified the slogan using XSS!
  
-<​spoiler ​You you've never used JS DOM API: expand>+<​spoiler ​If you've never used JS DOM API: expand>
 <code html> <code html>
 // note: you need to concatenate this as a one-liner when injecting as '​onerror'​ // note: you need to concatenate this as a one-liner when injecting as '​onerror'​
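Review bot: The corrected spoiler title still drops the article: "If you've never used the JS DOM API: expand" reads more naturally. Separately, the unchanged context below opens the block with "code html" although its first line is a JavaScript "//" comment; if the rest of the block is script, tagging it as javascript would give correct highlighting.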
isc/labs/07.1731916235.txt.gz · Last modified: 2024/11/18 09:50 by florin.stancu
CC Attribution-Share Alike 3.0 Unported