Scribd Logo
Upload

Welcome to Scribd!

  • XSS Game - Me and The Bois - PwnFunction

    Uploaded by

    Sup' Tan'
    37 views2 pages

    Original Title

    XSS Game - Me and the Bois _ PwnFunction

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    37 views2 pages

    XSS Game - Me and The Bois - PwnFunction

    Uploaded by

    Sup' Tan'

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 2

    Pwn() XSS Game  

    Me and the Bois


     Let's Go!  

    Difficulty is Medium.
    Pop an alert(1337) on sandbox.pwnfunction.com.
    No user interaction.
    Cannot use https://sandbox.pwnfunction.com/?html=&js=&css=.
    Tested on Chrome.
    Unintended solution? DM me @PwnFunction.

    <!-- Challenge -->


    <div id="bois">
    </div>

    <script>
    /* Variables */
    let safeTags = ['a', 'area', 'b', 'br', 'col', 'code', 'div', 'em', 'hr', 'h1
    let forbiddenAttrs = ['style', 'srcdoc']
    let cssSafe = /[^a-zA-Z0-9\s\-\,\:\_\(\)\{\}\"\'\.\#\;\%]/g

    /* Inputs */
    let boi = `<h1>${(new URL(location).searchParams.get('boi')) || 'Neo'}</h1>`
    let clean = DOMPurify.sanitize(boi, { ALLOWED_TAGS: safeTags, FORBID_ATTR: for
    let bois = document.getElementById('bois')
    bois.innerHTML += clean;

    /* Custom Style JSON */


    let custom = (new URL(location).searchParams.get('custom')) || ""
    custom = custom.replace(cssSafe, '')
    if (custom) {
    customStyles = JSON.parse(custom)
    let comment = document.createComment(customStyles)
    bois.appendChild(comment)
    }

    /* Configuration */
    window.CONFIG = {
    color: "lime",
    backgroundColor: "#000"
    }
    </script>

    <script>
    /* Generic Style Setter */
    function styleSetter(styles, execStr) {
    for (var style in styles) {
    if (styles.hasOwnProperty(style)) {
    eval(execStr)
    }
    }
    }

    /* Default Styles */
    window.DEFAULTS = {
    borderRadius: "5px",
    fontFamily: "Space Mono",
    fontWeight: "700",
    letterSpacing: "4px",
    padding: "20px",
    textAlign: "center",
    width: "500px"
    }
    styleSetter(DEFAULTS, `CONFIG[style] = styles[style]`)

    /* Custom Styles */
    if (window.customStyles) {
    styleSetter(customStyles, `CONFIG[style] = customStyles[style]`)
    }

    /* Stylise! */
    styleSetter(CONFIG, `bois.firstElementChild.style[style] = CONFIG[style]`)
    </script>

    You might also like