JavaScript
Nikolai Antonov, 2017-01-09 20:49:50

Why did the xss attack work in this example?

Problem #4 from the XSS game website.
Answer: if you insert ');alert('xss into the form, then the alert will work. That data will be substituted into the function as the "seconds" argument:

function startTimer(seconds) {
  // Non-numeric input parses to NaN, so the timer falls back to 3 seconds
  seconds = parseInt(seconds) || 3;
  setTimeout(function() {
    window.confirm("Time is up!");
    window.history.back();
  }, seconds * 1000);
}

It seems that the attack itself happens in line 2.
Why doesn't the same code work in this example? example #2 jsfiddle


1 answer(s)
Dark Hole, 2017-01-09
@abyrkov

Because startTimer('');alert('');
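
An added illustration of the answer above (not code from the thread or from the xss game site): the input changes the text of the call before any JavaScript runs, while the same input passed as an ordinary argument is only data. It assumes the page pastes the form value between the quotes of a startTimer('...') handler, as the answer implies; renderUnsafe, renderSafe, run and secondsFromArgument are hypothetical names.

```javascript
const PAYLOAD = "');alert('xss"; // the input quoted in the question

// Assumption: the page builds handler text by pasting the user's value
// between the quotes of a startTimer('...') call.
function renderUnsafe(timer) {
  return "startTimer('" + timer + "');";
}

// Hardened rendering: only an integer ever reaches the generated code,
// with the same fallback of 3 that the page's startTimer uses.
function renderSafe(timer) {
  return "startTimer(" + (parseInt(timer, 10) || 3) + ");";
}

// Execute generated handler text with recording stubs in place of the real
// startTimer and alert, and return the calls that were made.
function run(code) {
  const calls = [];
  new Function("startTimer", "alert", code)(
    (s) => calls.push("startTimer(" + JSON.stringify(s) + ")"),
    (m) => calls.push("alert(" + JSON.stringify(m) + ")")
  );
  return calls;
}

// The same value handed over as a plain argument (a direct call) is only
// data: parseInt yields NaN and the 3-second fallback applies.
function secondsFromArgument(value) {
  return parseInt(value, 10) || 3;
}

console.log(renderUnsafe(PAYLOAD));      // two statements instead of one
console.log(run(renderUnsafe(PAYLOAD))); // startTimer and alert both called
console.log(run(renderSafe(PAYLOAD)));   // only startTimer(3) is called
console.log(secondsFromArgument(PAYLOAD));
```

By the time parseInt runs in line 2 of startTimer, the call has already been split in two, so the check inside the function never sees the injected part.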
