| ID: | 13863 |
|---|---|
| Title: | [D3CTF 2019]babyxss |
| Description: | xss? seriously? Check out the CSP plz admin is using the latest Chrome released. You may want to look into chrome://components portable sodium chloride |
| Type: | WEB |
| Site: | NSSCTF |
| Challenge link: | https://www.nssctf.cn/problem/1204 |
| Competition: | D3CTF |
| Year: | 2019 |
| Flag value: | None |
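| writeup: | https://yyolanda07.github.io/2019/04/13/Web-BabyXSS/ (The page describes in detail the complete process of obtaining the administrator token through an XSS platform, including intercepting packets with BurpSuite, constructing a malicious script to read the administrator cookie, and finally accessing admin.php to obtain the flag, with the steps verified) |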