https://portswigger.net/web-security/cross-site-scripting/dom-based/lab-innerhtml-sink
Lab: DOM XSS in innerHTML sink using source location.search | Web Security Academy
This lab contains a DOM-based cross-site scripting vulnerability in the search blog functionality. It uses an innerHTML assignment, which changes the HTML ...
[Problem]
[Solution]
Check the search results and proceed with the XSS.
Check the source code.
When you search, the value is inserted at the underlined part.
</span><img src=x onerror=alert(1)><span>
Inserting it like this should work.
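The flow described above (source `location.search`, sink `innerHTML`) next to its fix, as an added example that is not part of the original post or the lab's own code. The `FakeElement` stub, the function names and the sample query string are assumptions so that it runs under Node without a browser.

```javascript
// Added example. The element stub, function names and sample URL are
// assumptions for illustration; this is not the lab's own source code.

// Encode the characters that let text break out into markup.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Minimal stand-in for a DOM element so the example runs under Node.
// A browser stores textContent as a text node; the stub models that by
// escaping the value before it becomes visible through innerHTML.
class FakeElement {
  constructor() { this.innerHTML = ''; }
  set textContent(value) { this.innerHTML = escapeHtml(value); }
}

// Vulnerable pattern: the source location.search flows into the innerHTML
// sink, so the value is parsed as markup.
function renderUnsafe(el, search) {
  const query = new URLSearchParams(search).get('search');
  if (query) el.innerHTML = query;
  return el.innerHTML;
}

// Hardened: same source, but the sink treats the value as plain text.
function renderSafe(el, search) {
  const query = new URLSearchParams(search).get('search');
  if (query) el.textContent = query;
  return el.innerHTML;
}

// True if the string would open or close a tag when parsed as HTML.
function createsMarkup(html) {
  return /<\/?[a-zA-Z]/.test(html);
}

// Constructed query string carrying the string shown in this post.
const sample = '?search=' + encodeURIComponent('</span><img src=x onerror=alert(1)><span>');

console.log('innerHTML  :', renderUnsafe(new FakeElement(), sample));
console.log('textContent:', renderSafe(new FakeElement(), sample));
```

In a real page, replacing the `innerHTML` assignment with `textContent` on the target element is the whole fix; `escapeHtml` is only needed where a string of HTML has to be assembled by hand.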