XSS into a template literal w/ angle brackets, single, double quotes, backslash & backticks Escaped

Link: https://portswigger.net/web-security/cross-site-scripting/contexts/lab-javascript-template-literal-angle-brackets-single-double-quotes-backslash-backticks-escaped

Description:

This lab contains a reflected cross-site scripting vulnerability in the search blog functionality. The reflection occurs inside a template string with angle brackets, single, and double quotes HTML encoded, and backticks escaped. To solve this lab, perform a cross-site scripting attack that calls the alert function inside the template string.

Referensi:

AllAboutBugBounty/Cross Site Scripting.md at master · daffainfo/AllAboutBugBountyGitHub

Proof of concept:

Cek seluruh fitur yang ada
Analisa request dan response disetiap fiturnya
Dari hasil analisa didapati bahwa terdapat beberapa karakter yang bakal di escape unicode seperti karakter \’<>`. Tapi terdapat beberapa karakter yang tidak terescape unicode seperti {}$;(). Maka dari itu, buat payload ${alert(3)}
Terlihat berhasil memunculkan pop-up alert XSS dengan menggunakan payload tersebut

Thanks, Stay Ethical & Happy Hacking! 🍻

PreviousReflected XSS into a JS string with angle brackets and double&single quotes HTML-encoded escape NextAuthentication

Last updated 1 year ago