Given Code Snippet:
User input from the 'name' parameter is passed straight to 'innerHTML', so the browser renders it as HTML. For example, inserting '<h1>asdf</h1>' makes 'asdf' bold in the browser, which shows that the HTML tag is parsed correctly.
After that, easy-eval.js is called again to reinitialize the script and execute the code in it.
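The sink described above next to two safer ways of writing the same value, as an added example (this is not the challenge's code, which is not reproduced here). The function names and the "Hello" greeting are assumptions; only the 'name' parameter and the 'innerHTML' sink come from the write-up.

```javascript
// Added example, not the challenge's code. Function names and the "Hello"
// greeting are assumptions; only the `name` parameter and the innerHTML
// sink come from the write-up.

// Read the `name` query parameter from a location.search-style string.
function getName(search) {
  return new URLSearchParams(search).get('name') ?? '';
}

// Encode the characters that let text break out of an HTML text node or
// a quoted attribute value.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Pattern from the write-up: the raw value is concatenated into the string
// that ends up in element.innerHTML, so any tags in it are parsed.
function vulnerableMarkup(search) {
  return 'Hello ' + getName(search);
}

// Hardened variant for code that must keep using innerHTML: the value is
// encoded first, so the parser sees text instead of tags.
function escapedMarkup(search) {
  return 'Hello ' + escapeHtml(getName(search));
}

// Preferred fix: write through textContent, which never invokes the HTML
// parser. `el` is a DOM element in a browser; any object works offline.
function renderSafe(el, search) {
  el.textContent = 'Hello ' + getName(search);
  return el;
}

// Constructed sample input: the harmless tag used in the write-up.
const sample = '?name=' + encodeURIComponent('<h1>asdf</h1>');
console.log('innerHTML (vulnerable):', vulnerableMarkup(sample));
console.log('innerHTML (escaped):   ', escapedMarkup(sample));
console.log('textContent (safe):    ', renderSafe({}, sample).textContent);
```
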
Paweł Wąsik and I worked together to understand and identify the JS code and the vulnerability respectively. This challenge seems to be quite interesting and we were able to gain new knowledge from it.
Thanks Richard for providing an excellent explanation that greatly contributed to our understanding of the subject.
Refer to this thread to gain a better understanding.