Beebox[HTML Injection - Stored (Blog)]
❓ Stored: the content you enter is saved somewhere, such as a bulletin board!
1. Low
(1) Attack
I wrote a post on the board using tags, and it was registered and the link works normally!!
2. Medium High
(1) Checking the source code
I tried the same input as in Low, but it does not execute.
Both Medium and High call the htmlspecialchars function.
The htmlspecialchars function converts ", ', &, <, > to UTF-8.
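As an added example (not code from the original post or from bWAPP), the PHP below renders constructed blog entries once unchanged, as at Low, and once through htmlspecialchars, as at Medium and High, then prints the HTML entity each of the five listed characters is replaced with. The function names, the sample entries and the ENT_QUOTES flag (needed for ' to be covered) are assumptions.

```php
<?php
// Added example: constructed data and hypothetical helper names, not bWAPP source.

// Constructed blog entries as they would sit in storage, exactly as submitted.
$entries = [
    'Nice post!',
    '<a href="http://example.test/">click here</a>',
    "Tom & Jerry's <b>review</b>",
];

// Low: the stored value is written into the page unchanged,
// so the browser parses any markup it contains.
function render_low(string $entry): string
{
    return '<td>' . $entry . '</td>';
}

// Medium/High: encode when the entry is written into the page.
// ENT_QUOTES also covers the single quote, which the default
// flags skip on PHP versions before 8.1.
function render_hardened(string $entry): string
{
    return '<td>' . htmlspecialchars($entry, ENT_QUOTES, 'UTF-8') . '</td>';
}

// Compare what reaches the browser for each stored entry.
foreach ($entries as $entry) {
    echo 'stored  : ', $entry, PHP_EOL;
    echo 'low     : ', render_low($entry), PHP_EOL;
    echo 'hardened: ', render_hardened($entry), PHP_EOL, PHP_EOL;
}

// Show the entity that replaces each of the five special characters.
foreach (['"', "'", '&', '<', '>'] as $ch) {
    echo $ch, ' -> ', htmlspecialchars($ch, ENT_QUOTES, 'UTF-8'), PHP_EOL;
}
```

Run it with the PHP command-line interpreter; in the hardened rows the tags arrive as text, so the browser displays them instead of building a link.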