Web - Client
Tuesday 13 June 2023, 16:53 #1
Web - Client CSP Bypass - Inline code
hi,
when in the url I replace user-input by img/src=x onerror="alert(document.domain)"> :
I removed the < before img otherwise I can’t post this message
http://challenge01.root-me.org:58008/page?user=user-input
http://challenge01.root-me.org:58008/page?user=img/src=x onerror="alert(document.domain)">
nothing is happening, no alert is displayed, the page is loading then I got error message the site is unreachable whereas before replacing user-input it was reachable
New reply
New topic