index.html
<!doctype html>
<html>
<head>
<title>delet this</title>
<script type="text/javascript" src="https://code.jquery.com/jquery-3.3.1.slim.min.js"></script>
</head>
<body>
<img src="price.jpg" align="right" />
<h1 id="page-title">DELET THIS</h1>
<p>Perform a JavaScript injection attack on this static webpage to remove/replace everything that says:
"<em id="keyword">delet this</em>".</p>
<h2>Intro to Web</h2>
<p>Traditional websites are designed using three languages.</p>
<ul>
<li>
<strong>HTML</strong> is what it says.</li>
<li>
<strong>CSS</strong> is how it looks.</li>
<li>
<strong>JavaScript</strong> is what it does.</li>
</ul>
<p>This page might look super ugly, because it doesn't have any CSS at all.</p>
<p>One of the core functionalities of JavaScript is
<a target="_blank" href="https://www.w3schools.com/js/js_htmldom_document.asp">DOM manipulation</a>.</p>
<div id="note"></div>
<img src="kirby.jpg" />
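<script type="text/javascript">
  // Read the optional "note" query parameter from the page URL.
  let note = '';
  if (document.location.search.includes('note'))
    note = new URLSearchParams(document.location.search.substring(1)).get('note');
  // Exercise injection point: .html() parses the URL-supplied note as markup.
  $('#note').html(note);
</script>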
</body>
</html>
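The inline script in this page passes the `note` query parameter to `.html()`, so the value is parsed as markup. The hardened counterpart below is an added example, not part of the repository: it reads the same parameter and writes it through a text-only sink, with an escaping helper for places where markup is assembled as a string. `readNote`, `escapeHtml`, `renderNote` and the sample query strings are names and values constructed for this example.

```javascript
// Added example (not from the repository). Function names and samples are constructed.

// Return the decoded `note` parameter, or '' when it is absent.
// URLSearchParams accepts the leading '?' and percent-decodes the value.
function readNote(search) {
  return new URLSearchParams(search).get('note') ?? '';
}

// Encode the five HTML-significant characters, for cases where the value
// has to be placed inside a string of markup rather than set as text.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Text-only sink: textContent stores the string as a text node and never
// parses it, so tags in the parameter are displayed instead of created.
// The jQuery equivalent on this page would be $('#note').text(note).
function renderNote(el, search) {
  el.textContent = readNote(search);
  return el;
}

// Constructed sample inputs.
const SAMPLE_BENIGN = '?note=hello%20world';
const SAMPLE_MARKUP = '?note=' + encodeURIComponent('<b id="keyword">x</b>');

// In a browser, wire the safe sink to the page's #note element.
if (typeof document !== 'undefined') {
  renderNote(document.getElementById('note'), document.location.search);
}
```

With this in place a note containing tags shows up on the page as literal characters, and no element carrying an `id` from the URL is created in the DOM.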