Another level from the PwnFunction XSS game, this time the "Jefff" level. Let's start by analyzing the code below.
Just like the previous level, the code reads a value from a GET parameter called "jeff", and if it's empty, "JEFFF" is used as the default value.
Then we have an empty variable, "ma".
After that, the code calls the 'eval' function (which executes JavaScript code contained in a string). The evaluated code assigns "Ma name" followed by the value of jeff to the "ma" variable.
Finally, the result is inserted directly into the HTML element using 'innerHTML'.
Eval is considered a very dangerous function and you should avoid it whenever you can; we will see why.
As we said, 'eval' executes JavaScript code from a string. Let's keep that in mind while we build our value to exploit the XSS.
Our jeff value is inserted directly into the string, so the jeff value needs to be a string. The JavaScript code uses the " character to open and close the string, so we will use a single quote (') to wrap ours.
So let's see how to build this inside eval, and then we will wrap the value in single quotes (') to pass jeff as a string.
We have the following JavaScript code:
eval(`ma = "Ma name ${jeff}"`)
So, first we need to close the string, which means it becomes the following (we replace ${jeff}):
eval(`ma = "Ma name ""`)
Now we close the first JavaScript statement and add our own code, which is the alert:
eval(`ma = "Ma name ";alert(1337);"`)
Then we are left with a trailing double quote that we need to balance, so let's create a new variable:
eval(`ma = "Ma name ";alert(1337);var test=""`)
And voila! This should be it, but let's look at how this code is parsed, because it looks a bit vague. If we take what's inside the eval call, it looks like this:
ma = "Ma name ";
alert(1337);
var test=""
Now it looks a bit more obvious. The only thing left is to wrap the whole solution in single quotes to include it in the eval function as a string:
'";alert(1337);var test="'
And that should be it: this is the solution for the Jefff PwnFunction XSS level.
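Why the value above runs as code, next to two ways of fixing it, as an added example that is not part of the original post or the challenge's own code. The function names and the alert stub are assumptions; the stub records calls so the block runs in Node without a browser.

```javascript
// Added example. makeAlertStub, renderUnsafe, renderEscaped and renderSafe are
// hypothetical names, not the challenge's code.
const PAYLOAD = '";alert(1337);var test="'; // the value built step by step above

// Stand-in for the browser's alert: records each call instead of showing a dialog.
function makeAlertStub() {
  const calls = [];
  return { calls, alert: (v) => { calls.push(v); } };
}

// Pattern from the level: the parameter is pasted into source text, then evaluated.
function renderUnsafe(jeff) {
  const { calls, alert } = makeAlertStub();
  let ma = "";
  // jeff can close the string literal and append its own statements.
  eval(`ma = "Ma name ${jeff}"`);
  return { ma, alertCalls: calls };
}

// If source text really must be generated, serialize the value first:
// JSON.stringify emits one escaped string literal, so quotes in jeff stay data.
function renderEscaped(jeff) {
  const { calls, alert } = makeAlertStub();
  let ma = "";
  eval(`ma = ${JSON.stringify("Ma name " + jeff)}`);
  return { ma, alertCalls: calls };
}

// Preferred fix: no eval at all, the parameter is only ever concatenated as data.
function renderSafe(jeff) {
  const { calls } = makeAlertStub();
  const ma = `Ma name ${jeff}`;
  return { ma, alertCalls: calls };
}

console.log(renderUnsafe(PAYLOAD));  // alert stub called, ma cut short
console.log(renderEscaped(PAYLOAD)); // no call, payload kept as text
console.log(renderSafe(PAYLOAD));    // no call, payload kept as text
```

In the browser, writing the result with textContent instead of innerHTML also keeps the value out of the HTML parser.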