OWASP / SecurityShepherd

Web and mobile application security training platform

Home Page: https://owasp.org/www-project-security-shepherd/

[BUG] Cheat for Cross Site Scripting Three Level Not Working

ismisepaul opened this issue

The cheat <input type="button" oncliconcliconcliconcliconclickkkkk="alert('XSS')"/> does not work

Log output

secshep_tomcat   | DEBUG  @ 15 Apr 16:59:08,657 [https-openssl-nio-8443-exec-1] (XssChallengeThree.java:58) - Cross Site Scripting Challenge Three Servlet Accessed
secshep_tomcat   | DEBUG  @ 15 Apr 16:59:08,658 [https-openssl-nio-8443-exec-1] (XssChallengeThree.java:74) - Cross Site Scripting Challenge Three servlet accessed by: yerman
secshep_tomcat   | DEBUG  @ 15 Apr 16:59:08,659 [https-openssl-nio-8443-exec-1] (XssChallengeThree.java:79) - User Submitted - <input type="button" oncliconcliconcliconcliconclickkkkk="alert('XSS')"/>
secshep_tomcat   | DEBUG  @ 15 Apr 16:59:08,659 [https-openssl-nio-8443-exec-1] (XssFilter.java:155) - Filtering input at XSS levelThree
secshep_tomcat   | DEBUG  @ 15 Apr 16:59:08,674 [https-openssl-nio-8443-exec-1] (XssChallengeThree.java:81) - After Filtering - <input type="button" oncliconcliconclickkk="alert('xss')"/>
secshep_tomcat   | DEBUG  @ 15 Apr 16:59:08,674 [https-openssl-nio-8443-exec-1] (FindXSS.java:358) - String to Search: <input type="button" oncliconcliconclickkk="alert('xss')"/>
secshep_tomcat   | DEBUG  @ 15 Apr 16:59:08,676 [https-openssl-nio-8443-exec-1] (XssChallengeThree.java:99) - Adding searchTerm to Html: <input type="button" oncliconcliconclickkk="alert('xss')"/>
secshep_tomcat   | DEBUG  @ 15 Apr 16:59:08,677 [https-openssl-nio-8443-exec-1] (XssChallengeThree.java:109) - Outputting HTML

fixed in #638
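
The filter behaviour visible in the log above, reproduced as an added Python model; it is not code from the issue or from Security Shepherd's XssFilter.java. It assumes the filter lowercases the input and deletes the literal `onclick` in two single passes (inferred from the "After Filtering" line), and all function names are hypothetical.

```python
import html

# Constructed from the "User Submitted" / "After Filtering" log lines in the issue.
SUBMITTED = "<input type=\"button\" oncliconcliconcliconcliconclickkkkk=\"alert('XSS')\"/>"
LOGGED_AFTER = "<input type=\"button\" oncliconcliconclickkk=\"alert('xss')\"/>"


def strip_filter(value, token="onclick", passes=2):
    """Assumed model of the level-three filter: lowercase the input, then
    delete `token` a fixed number of times (pass count inferred from the log)."""
    value = value.lower()
    for _ in range(passes):
        value = value.replace(token, "")
    return value


def strip_until_stable(value, token="onclick"):
    """Same deletion, repeated until no occurrence of `token` remains."""
    value = value.lower()
    while token in value:
        value = value.replace(token, "")
    return value


def nested(token, depth):
    """`token` wrapped inside itself `depth` times, split before its last character."""
    out = token
    for _ in range(depth - 1):
        out = token[:-1] + out + token[-1]
    return out


def leaves_handler(filter_fn, max_depth=8, token="onclick"):
    """Nesting depths for which filter_fn's output is exactly `token`,
    i.e. where the deletion itself reassembles a valid attribute name."""
    return [d for d in range(1, max_depth + 1) if filter_fn(nested(token, d)) == token]


def encode_for_html(value):
    """Output encoding: the submitted markup is rendered as text, not parsed."""
    return html.escape(value, quote=True)


if __name__ == "__main__":
    print(strip_filter(SUBMITTED) == LOGGED_AFTER)   # model matches the logged output
    print(leaves_handler(strip_filter))              # depths the fixed-pass filter misses
    print(leaves_handler(strip_until_stable))        # none once deletion runs to a fixed point
    print(encode_for_html(SUBMITTED))
```

Under this model the five-level cheat from the issue is reduced to a three-level name, which is not a valid event handler, so it fails for a different reason than the filter being sound. Output encoding keeps the submitted markup inert whatever the nesting depth.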