Ricardo PwnFunction XSS is another simple room but teaches a new concept and new way to launch JavaScript, you can access the game from here
Let’s start by analyzing the code first
the code takes a value from GET parameter called “ricardo” and assigns it to the form’s action
then the code will submit the form automatically after 2 seconds.
so the whole game is on action, now there is a neat trick if you know it already then it’s a very easy level if not then you will learn something new.
The trick is that you can actually put JavaScript code for the form action so instead of submitting the form to a page it will actually run a JavaScript, but how can we do this, simple by putting ‘javascript:’ and then the code you want to execute.
Let’s try this together, so we will put ‘javascript:’ then our alert which will make it something like this
javascript:alert(1337)and that’s it , although you have to wait 2 seconds for the alert box to launch.
And this is the solution for Ricardo PwnFunction XSS, i hope you learnt a new concept that you can use in your XSS hunting or in you web development career
Recent Comments