๋ณธ๋ฌธ ๋ฐ”๋กœ๊ฐ€๊ธฐ

๋“œ๋ฆผํ•ต xss-21

[wargame] ๋“œ๋ฆผํ•ต xss-2 ๋ฌธ์ œํ’€์ด ๊ฒ‰๋ณด๊ธฐ์—” xss-1 ์˜ˆ์ œ์™€ ๋น„์Šทํ•˜๋‹ค. xss-1 ์˜ˆ์ œ์—์„œ๋Š” memo ํŽ˜์ด์ง€ ์—”๋“œํฌ์ธํŠธ์— document.cookie๋กœ ์ฟ ํ‚ค๋ฅผ ํƒˆ์ทจํ•ด ํŒŒ๋ผ๋ฏธํ„ฐ๋กœ ๋ณด๋‚ด์ฃผ์—ˆ๋‹ค. ์ด๋ฒˆ์—๋„ ๋˜‘๊ฐ™์ด ํ•ด์ฃผ์—ˆ์ง€๋งŒ...FLAG๊ฐ€ ์–ป์–ด์ง€์ง€ ์•Š๋Š”๋‹ค...(OMG๐Ÿฅน) ๊ฑฐ์ €๋จน๊ธฐ ์‹คํŒจํ–ˆ์œผ๋‹ˆ ์ฒ˜์Œ๋ถ€ํ„ฐ ์ฝ”๋“œ๋ฅผ ์‚ดํŽด๋ณด์ž ํŒŒ์ผ์„ ๋‹ค์šด ๋ฐ›์•„ app.py๋ฅผ ์—ด์–ด์ฃผ๋ฉด vuln ํŽ˜์ด์ง€์™€ memo ํŽ˜์ด์ง€ ๋ชจ๋‘ render_template์„ ์‚ฌ์šฉํ•˜๊ณ  ์žˆ๋Š” ๊ฒƒ์„ ์•Œ ์ˆ˜ ์žˆ๋‹ค.@app.route("/")def index(): return render_template("index.html")@app.route("/vuln")def vuln(): return render_template("vuln.html") render_template ํ•จ์ˆ˜๋ž€?Flask ์›น.. 2025. 3. 6.

ํ‹ฐ์Šคํ† ๋ฆฌํˆด๋ฐ”