Intro

Solution to 2020 XSS challenge

The challenge

index.html

/connect.php?client_id=aaa&callback=alert

Writeup

Leveraging JSONP to SOME via HTTP Parameter Pollution

Solution

Execute PoC (35 char, all) Execute PoC (32 char, Firefox only)

Proof of Concept