This shows you the differences between two versions of the page.
|
isc:labs:07 [2024/11/18 09:50] florin.stancu |
isc:labs:07 [2024/11/20 10:17] (current) radu.mantu |
||
|---|---|---|---|
| Line 149: | Line 149: | ||
| To workaround that, simply change XSS injection strategy to use ''onerror'' attribute on a invalid image, e.g.: | To workaround that, simply change XSS injection strategy to use ''onerror'' attribute on a invalid image, e.g.: | ||
| ''%%<img src='/404' onerror='alert("hello")'>%%'' | ''%%<img src='/404' onerror='alert("hello")'>%%'' | ||
| + | </note> | ||
| + | <note warning> | ||
| + | DO NOT EDIT the entire ''%%<div class="ql-editor" contenteditable="true">%%'' element! The JavaScript WISIWYG editor has internal reference to this node, and if you invalidate it, the editor will become broken (and the exploit won't work!!!). | ||
| + | |||
| + | The proper way is to choose a inner ''%%<p>%%'' (just write some random text inside the editor beforehand) and edit that instead! | ||
| </note> | </note> | ||
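Review bot: The added warning misspells the acronym as "WISIWYG" (should be "WYSIWYG") and drops articles in two places: "has internal reference to this node" should read "has an internal reference to this node", and "choose a inner" should read "choose an inner". The phrase "DO NOT EDIT the entire element" also leaves the action ambiguous, so consider stating which editing action replaces the node, so students know what to avoid. The trailing "(and the exploit won't work!!!)" would read more cleanly with a single exclamation mark.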
| Line 157: | Line 162: | ||
| * Unfortunately, **there's no flag for this one**, you just need to prove you modified the slogan using XSS! | * Unfortunately, **there's no flag for this one**, you just need to prove you modified the slogan using XSS! | ||
| - | <spoiler You you've never used JS DOM API: expand> | + | <spoiler If you've never used JS DOM API: expand> |
| <code html> | <code html> | ||
| // note: you need to concatenate this as a one-liner when injecting as 'onerror' | // note: you need to concatenate this as a one-liner when injecting as 'onerror' | ||
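Review bot: The corrected spoiler title still lacks an article; "If you've never used the JS DOM API: expand" reads better. In the context lines under it, the block is opened with ''<code html>'' but its first line is a ''//'' comment, which is JavaScript syntax rather than HTML, so consider tagging the block as JavaScript if the rest of it is script only.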