The Ok Boomer level from PwnFunction teaches you the DOM clobbering technique, which allows you to execute XSS by writing normal HTML tags.
Let’s analyze the code first.
The code uses a library called DOMPurify, which should sanitize the user’s input and remove all dangerous code that might lead to XSS attacks. The library is currently at version 2.3.6, but the one used in the game is version 2.0.7.
But then there’s a timeout function that takes a variable called “ok” and calls it after 2 seconds. The weird thing is that this variable is not defined at all.
Let me explain a bit more. When we use a variable called “ok”, it can be defined either with a declaration (var x, for example) or by creating an element with id=x, and when you reference the variable x, it will automatically get the value attribute of the element x.
Which means, if we create an element like the following:
<a id=someObject><a id=someObject name=url href=//malicious-website.com/evil.js>
Now let’s edit it according to our needs:
<a id=ok href=mailto:alert(1)>
So we specified the id as “ok” in order for our browser to create a variable called ok (which is what we need).
Then the default value that will be called is the href, and I tried multiple ways, but none of them worked except when I used the this:here syntax, so I used mailto, but you can use whichever one you like.
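The lookup and timer behaviour described above, together with a guard that stops it, as an added example that is not code from the challenge or from DOMPurify. `FakeAnchor`, `lookupGlobal`, `timerInterpretation` and `scheduleIfFunction` are hypothetical names, and the first two only model what a browser does so the logic can run outside one.

```javascript
// Added example. FakeAnchor and lookupGlobal are hypothetical stand-ins that
// model browser behaviour so the logic runs outside a browser.

// Like HTMLAnchorElement, converting the object to a string yields its href.
class FakeAnchor {
  constructor(id, href) { this.id = id; this.href = href; }
  toString() { return this.href; }
}

// Named access on window: a declared variable wins; otherwise the element
// whose id equals the name is returned.
function lookupGlobal(name, declared, elements) {
  if (Object.prototype.hasOwnProperty.call(declared, name)) return declared[name];
  return elements.find((el) => el.id === name);
}

// Browser timers call a function handler; any other value is converted to a
// string and compiled as script.
function timerInterpretation(handler) {
  return typeof handler === "function"
    ? { kind: "call" }
    : { kind: "compile-string", source: String(handler) };
}

// Hardened form of "call ok after 2 seconds": only real functions are
// scheduled, so a clobbering element never reaches the timer.
function scheduleIfFunction(handler, delayMs, timer = setTimeout) {
  if (typeof handler !== "function") return false;
  timer(handler, delayMs);
  return true;
}

// Constructed sample: the sanitized markup kept one anchor with id "ok".
const elements = [new FakeAnchor("ok", "mailto:alert(1)")];
const clobbered = lookupGlobal("ok", {}, elements);

// Unguarded: the href becomes script source; "mailto:" parses as a label.
console.log(timerInterpretation(clobbered));
// Guarded: nothing is scheduled.
console.log(scheduleIfFunction(clobbered, 2000)); // false
```

A Content Security Policy that does not allow 'unsafe-eval' also makes the browser refuse string handlers passed to timers, which covers code paths where the type check was forgotten.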
And that’s all for the Ok Boomer PwnFunction XSS level.