Puzzle 01
This lab presents a puzzle designed to help you trigger a Cross-Site Scripting (XSS) vulnerability. The key to solving this challenge lies in understanding how the Ruby method String#gsub operates, especially concerning backreferences when a match is found.
To begin, explore the method String#gsub and pay special attention to backreferences. Examples provided, like "hello".gsub(/l+/, "\0") and "hello".gsub(/l+/, "\&"), will be particularly useful. Ensure that you fully grasp why the payload you discover works, as this understanding is crucial for mastering XSS vulnerabilities.
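
The replacement-string behaviour described above, as an added example that is not the lab's code: the same value is inserted once as a String#gsub replacement string and once through the block form, which does not expand backreferences. The {{name}} placeholder, the function names and the sample values are assumptions made for illustration.

```ruby
# Added example: how String#gsub treats its replacement argument.
# PLACEHOLDER, the function names and the samples are hypothetical.
PLACEHOLDER = /\{\{name\}\}/

# Replacement given as a string: gsub interprets \0..\9, \&, \`, \',
# \k<name> and \\ inside it before inserting it.
def fill_interpreted(template, value)
  template.gsub(PLACEHOLDER, value)
end

# Replacement returned from a block: the value is inserted verbatim,
# so backslash sequences in it are never expanded.
def fill_literal(template, value)
  template.gsub(PLACEHOLDER) { value }
end

# Matches the sequences that the string form would interpret.
BACKREF = /\\(?:[0-9&`'\\]|k<\w+>)/

# True when a value would be changed by replacement-string expansion.
def backreference?(value)
  value.match?(BACKREF)
end

TEMPLATE = 'Hello {{name}}!' # constructed sample template

# Constructed sample values. They are single-quoted so that the backslash
# reaches gsub; in a double-quoted Ruby literal "\0" is a NUL byte and
# "\&" is just "&", neither of which is a backreference.
SAMPLES = ['Alice', 'A\0', 'A\&'].freeze

SAMPLES.each do |value|
  puts format('%-8s flagged=%-5s interpreted=%-22s literal=%s',
              value.inspect,
              backreference?(value),
              fill_interpreted(TEMPLATE, value).inspect,
              fill_literal(TEMPLATE, value).inspect)
end
```

In the string form, \0 and \& both expand to the whole match, so the placeholder text reappears in the output; the block form leaves the value untouched.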