目录
0x00 介绍
题目地址:https://challenge.intigriti.io/
题目的要求是绕过CSP实现XSS,执行alert(document.domain)。
0x01 解决
页面中加载了个script.js:
// Source: the URL fragment (minus the leading '#') is controlled by whoever crafts the link.
var hash = document.location.hash.substr(1);if(hash){
// The fragment flows into displayReason without any validation or allow-list check.
displayReason(hash);
// Second source: the current value of the element with id "reasons"; empty values are skipped.
}document.getElementById("reasons").onchange = function(e){ if(e.target.value != "")
displayReason(e.target.value);
// XHR "load" handler registered with a plain function, so `this` is the XMLHttpRequest
// and this.responseText is the fetched body.
}function reasonLoaded () { var reason = document.getElementById("reason");
// Sink: the response text is percent-decoded with unescape() and assigned to innerHTML,
// so any markup (or %-encoded markup) in the fetched text is rendered as HTML.
// Mitigation: assign to textContent instead and drop the unescape() call.
reason.innerHTML = unescape(this.responseText);
// Writes the reason back into the fragment, then interpolates it unencoded into a relative
// URL path; whatever that path returns is what reasonLoaded inserts into the DOM.
}function displayReason(reason){ window.location.hash = reason; var xhr = new XMLHttpRequest();
xhr.addEventListener("load", reasonLoaded);
xhr.open("GET",`./reasons/${reason}.txt`);
xhr.send();
}
这是个典型的DOM XSS,sourc