Level 1
Link:
https://xss-game.appspot.com/level1
Solution
<script>alert('xss')</script>
Result
Analysis
This task needs only basic knowledge. Let's see why the most primitive injections work here right away. Let's run a simple query and inspect the resulting HTML page.
[Screenshot: Using the query with ' as a special character]
[Screenshot: Result of the query. The special character ' appears in the result]
[Screenshot: The provided query text is placed directly in a <b> element]
Conclusion
- The provided query text is passed as a URL query parameter to the second page.
- The special character (') in the query string was not filtered out. This indicates it might be possible to push special characters like <, >, ', ", / which can be used to inject code.
- The provided text appeared directly inside a <b> tag, which indicates that a script tag would be executed without any problem if it were placed between <b> and </b>.
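The three observations above, as an added example that is not the game's own code: the same reflection into a <b> element rendered once without escaping and once with html.escape, with an HTML parser showing which elements each output produces. The page template, the parameter name "query" and the host example.test are assumptions.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qs

# Assumed page template: the query text is reflected inside a <b> element.
TEMPLATE = "<div>Sorry, no results were found for <b>{}</b>.</div>"


def query_from_url(url):
    """Return the decoded 'query' URL parameter (parameter name is assumed)."""
    params = parse_qs(urlsplit(url).query)
    return params.get("query", [""])[0]


def render_unsafe(query):
    # Vulnerable: user input is placed into the markup unchanged.
    return TEMPLATE.format(query)


def render_safe(query):
    # Hardened: <, >, &, " and ' become entities, so the input stays text.
    return TEMPLATE.format(escape(query, quote=True))


class TagCollector(HTMLParser):
    """Records every element start tag an HTML parser sees."""

    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)


def tags_in(html_text):
    collector = TagCollector()
    collector.feed(html_text)
    collector.close()
    return collector.tags


# Constructed sample request carrying the payload from the Solution section.
SAMPLE_URL = "https://example.test/level1?query=%3Cscript%3Ealert('xss')%3C/script%3E"

if __name__ == "__main__":
    q = query_from_url(SAMPLE_URL)
    print("unsafe:", tags_in(render_unsafe(q)))
    print("safe:  ", tags_in(render_safe(q)))
```

In the unescaped output the parser finds a script element nested in the <b> element; in the escaped output only the template's own div and b elements remain.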