05 2020 档案

摘要:Portswigger web security academy:Stored XSS Stored XSS into HTML context with nothing encoded 题目要求 提交评论,调用alert函数 解题过程 直接祖传payload就行 Stored XSS into a 阅读全文
posted @ 2020-05-29 21:58 autumnnnnnnnnn 阅读(429) 评论(0) 推荐(1)
摘要:Portswigger web security academy:Reflected XSS Reflected XSS into HTML context with nothing encoded 题目要求 调用alert函数 解题过程 请求: url/?search=asd 返回: <h1>0 阅读全文
posted @ 2020-05-29 21:57 autumnnnnnnnnn 阅读(1293) 评论(0) 推荐(1)
摘要:Portswigger web security academy:DOM Based XSS DOM XSS in document.write sink using source location.search 题目描述 搜索功能点调用了document.write函数,借此函数调用alert 解 阅读全文
posted @ 2020-05-23 14:19 autumnnnnnnnnn 阅读(498) 评论(0) 推荐(0)