Hack The World

XSS game: Level 1 Write up 본문

Wargame/XSS game

XSS game: Level 1 Write up

Talkative 2020. 3. 12. 20:12

wargame 에 대한 자세한 설명은 다른 블로그나 글들이 있기에 생략


Level 1 

웹사이트에서 검색을 하는 페이지인거같다.

코드를 살펴보면 다음과 같다.

page_header = """
<!doctype html>
<html>
  <head>
    <!-- Internal game scripts/styles, mostly boring stuff -->
    <script src="/static/game-frame.js"></script>
    <link rel="stylesheet" href="/static/game-frame-styles.css" />
  </head>
 
  <body id="level1">
    <img src="/static/logos/level1.png">
      <div>
"""
 
page_footer = """
    </div>
  </body>
</html>
"""
 
main_page_markup = """
<form action="" method="GET">
  <input id="query" name="query" value="Enter query here..."
    onfocus="this.value=''">
  <input id="button" type="submit" value="Search">
</form>
"""
 
class MainPage(webapp.RequestHandler):
 
  def render_string(self, s):
    self.response.out.write(s)
 
  def get(self):
    # Disable the reflected XSS filter for demonstration purposes
    self.response.headers.add_header("X-XSS-Protection", "0")
 
    if not self.request.get('query'):
      # Show main search page
      self.render_string(page_header + main_page_markup + page_footer)
    else:
      query = self.request.get('query', '[empty]')
       
      # Our search engine broke, we found no results :-(
      message = "Sorry, no results were found for <b>" + query + "</b>."
      message += " <a href='?'>Try again</a>."
 
      # Display the results page
      self.render_string(page_header + message + page_footer)
     
    return
 
application = webapp.WSGIApplication([ ('.*', MainPage), ], debug=False)

 

query 에서 값을 받고 출력해주는거 같다.

따로 필터링이 없기에 기본적인 xss payload 인

<script>alert(1)</script> 를 입력해주면

다음과 같이 alert 창 생성 후 문제해결

'Wargame > XSS game' 카테고리의 다른 글

XSS game : Level 5 Write up  (0) 2020.03.23
XSS game: Level 4 Write up  (0) 2020.03.13
XSS game: Level 3 Write up  (0) 2020.03.13
XSS game: Level2 Write up  (0) 2020.03.12
Comments