Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
N
N
Nikolai Antonov2017-01-09 20:49:50
JavaScript
Nikolai Antonov, 2017-01-09 20:49:50

Why did the xss attack work in this example?

Problem #4 from the xss game website .
Answer: if you insert it into the form, ');alert('xssthen the alert will work. That data will be substituted into the function as the "seconds" argument:

function startTimer(seconds) {
        seconds = parseInt(seconds) || 3;
        setTimeout(function() {
          window.confirm("Time is up!");
          window.history.back();
        }, seconds * 1000);

It seems in line 2 the attack itself seems to be happening.
Why doesn't the same code work in this example? example #2 jsfiddle

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

1 answer(s)
Report
D
Dark Hole, 2017-01-09
@abyrkov

BecausestartTimer('');alert('');

Similar questions
Y
Yrets1692021-03-22 15:59:27
How to properly pull from two mysql tables? 3Reply
K
Konstantin Khairov2019-09-01 17:15:34
Why is the speed low when uploading through a caching server (proxy_cache)? 3Reply
R
Rain Summers2015-04-07 12:24:11
phpstorm. How to disable non-disabled "Inspections: cannot resolve file"? 5Reply
F
Fyodor Buzinov2015-04-14 12:52:57
Nginx: redirect from https to http? 5Reply
A
AlexStartsev2017-04-13 12:46:13
What are the current TODO plugins for Sublime Text 3? 3Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question