반응형
XSS 실습하기 위하여 XSS-game이란 사이트에서 문제를 풀어보았다.
XSS game
Welcome, recruit! Cross-site scripting (XSS) bugs are one of the most common and dangerous types of vulnerabilities in Web applications. These nasty buggers can allow your enemies to steal or modify user data in your apps and you must learn to dispatch the
xss-game.appspot.com
검색창에 아무거나 입력해보았다.
페이지 소스코드
class MainPage(webapp.RequestHandler):
def render_string(self, s):
self.response.out.write(s)
def get(self):
# Disable the reflected XSS filter for demonstration purposes
self.response.headers.add_header("X-XSS-Protection", "0")
if not self.request.get('query'):
# Show main search page
self.render_string(page_header + main_page_markup + page_footer)
else:
query = self.request.get('query', '[empty]')
# Our search engine broke, we found no results :-(
message = "Sorry, no results were found for <b>" + query + "</b>."
message += " <a href='?'>Try again</a>."
# Display the results page
self.render_string(page_header + message + page_footer)
return
application = webapp.WSGIApplication([ ('.*', MainPage), ], debug=False)Get방식으로 쿼리가 전달되고있다.
가장 기본적인 xss 공격을 해보자
<script>alert(1);</script>
반응형
'Write-Up > XSS-game' 카테고리의 다른 글
| [XSS game] xss-game level 6 (0) | 2021.01.26 |
|---|---|
| [XSS game] xss-game level 5 (0) | 2021.01.26 |
| [XSS game] xss-game level 4 (0) | 2021.01.26 |
| [XSS game] xss-game level 3 (0) | 2021.01.26 |
| [XSS game] xss-game level 2 (0) | 2021.01.26 |