Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
@
@
@ _ @2021-12-04 05:29:47
PHP
@ _ @, 2021-12-04 05:29:47

XSS bypassing sprintf (Assignment from CTF, no bullshit)?

DISCLAIMER: Quest from CTF. There is no bullshit or malicious intent here.
There is a line of PHP code with the following content

echo sprintf('<form action="%s" method="post">', $_SERVER['PHP_SELF']).PHP_EOL;

How can I bypass sprintf and do XSS injection?

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

3 answer(s)
Report
@
@ _ @, 2021-12-04
@DaniilOLD

Just append to the URL Man, sprintf stupidly inserts the value into the string. It doesn't escape in any way. It would be possible to make simply concatenation. Nothing would have changed.
/"><script>alert(1);</script>

Report
I
index0h, 2021-12-04
@index0h

Won't protect

Report
A
Anton Shamanov, 2021-12-04
@SilenceOfWinter

sprintf - a function for formatting strings, what does data filtering have to do with it? it can be omitted altogether.

echo "<form action=\"$_SERVER['PHP_SELF']\" method=\"post\">";

Similar questions
S
StayAtHome2015-04-01 12:24:02
How to distinguish a web request from a regular page from a request from the extension itself from a Chrome/Opera extension? 4Reply
S
Sergey Kulandin2015-04-20 12:45:33
Is crossfire radeon 7850+7870 stable? 3Reply
T
thehighhomie2018-11-30 12:28:13
Plugin to generate PDF from JavaScript? 4Reply
H
HAtan2020-09-30 15:30:27
How to process a click and record it? 2Reply
M
Matvey Bubenets2017-04-20 04:38:37
How to disable Remote Desktop Licensing? 6Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question