Web - Client

Tuesday 13 June 2023, 16:53  #1
Web - Client CSP Bypass - Inline code
Nicolas
Nicolas
  • 3 posts

hi,

when in the url I replace user-input by img/src=x onerror="alert(document.domain)"> :
I removed the < before img otherwise I can’t post this message

http://challenge01.root-me.org:58008/page?user=user-input

http://challenge01.root-me.org:58008/page?user=img/src=x onerror="alert(document.domain)">

nothing is happening, no alert is displayed, the page is loading then I got error message the site is unreachable whereas before replacing user-input it was reachable

Sunday 9 July 2023, 21:15  #2
Web - Client CSP Bypass - Inline code
Wizard-Cracker
Wizard-Cracker
  • 1 posts
New reply New reply   New topic New topic