terraolz.blogg.se

Gmail dot trick github






I thought this was a joke, but I ended up spending waaay too much time on this. As soon as my phone got the notification, I knew I would have to cancel my plans for the next two days. After going through multiple rabbit🐇 holes, I spent around 20 hours total to finally come up with a solution.

As usual, I would like to go through my steps again and not only disclose the results. (At the end of this article you will find a TL;DR and the final payload.)

The Challenge

At the time of writing, the challenge page is available here. The page welcomes us with a textfield and a button. Once pressed, the input is reflected on the screen. So what about the standard payload alert(document.domain)? Obviously this doesn't work, but why?

The reason our input is sanitized is that setHTML of the new Sanitizer API is used. It actually allows other tags like img, but at the same time also strips a lot of attributes to prevent script execution. Also note that the challenge code is loaded with a defer attribute. This has nothing to do with the actual challenge, but it ensures that the sanitizing code is executed after DOMContentLoaded.

But let's take a step back by looking at the source code. At the top of the page, two scripts are loaded:

Look at that! jQuery 2.2.4 is not the latest version; maybe there is some known CVE? Also, deparam seems an interesting library, but first, let's go through the challenge quickly:






