Xss on conflict https://cnf409.me/tags/xss/ Recent content in Xss on conflict Hugo en-us <a href="https://creativecommons.org/licenses/by-nc/4.0/" target="_blank" rel="noopener">CC BY-NC 4.0</a> Sun, 12 Apr 2026 00:00:00 +0000 🇬🇧 FCSC 2026 - 10 Fast Fishers https://cnf409.me/posts/2026/04/fcsc-2026-10-fast-fishers/ Sun, 12 Apr 2026 00:00:00 +0000 https://cnf409.me/posts/2026/04/fcsc-2026-10-fast-fishers/ <h3 id="table-of-contents">Table of Contents</h3> <ul> <li><a href="https://cnf409.me/posts/2026/04/fcsc-2026-10-fast-fishers/#introduction">Introduction</a></li> <li><a href="https://cnf409.me/posts/2026/04/fcsc-2026-10-fast-fishers/#tldr">TLDR</a></li> <li><a href="https://cnf409.me/posts/2026/04/fcsc-2026-10-fast-fishers/#infrastructure-analysis">Infrastructure Analysis</a> <ul> <li><a href="https://cnf409.me/posts/2026/04/fcsc-2026-10-fast-fishers/#the-application">The Application</a></li> <li><a href="https://cnf409.me/posts/2026/04/fcsc-2026-10-fast-fishers/#the-bot">The Bot</a></li> <li><a href="https://cnf409.me/posts/2026/04/fcsc-2026-10-fast-fishers/#useful-observations">Useful Observations</a></li> </ul> </li> <li><a href="https://cnf409.me/posts/2026/04/fcsc-2026-10-fast-fishers/#hijacking-the-trusted-iframe">Hijacking the Trusted iframe</a> <ul> <li><a href="https://cnf409.me/posts/2026/04/fcsc-2026-10-fast-fishers/#the-weak-esource-check">The weak e.source check</a></li> <li><a href="https://cnf409.me/posts/2026/04/fcsc-2026-10-fast-fishers/#navigating-the-inner-frame-to-aboutblank">Navigating the inner frame to about:blank</a></li> </ul> </li> <li><a href="https://cnf409.me/posts/2026/04/fcsc-2026-10-fast-fishers/#10-fast-fishers-1-weird-fish">10 Fast Fishers, 1 Weird Fish</a></li> <li><a href="https://cnf409.me/posts/2026/04/fcsc-2026-10-fast-fishers/#gone-fishing">Gone Fishing</a></li> <li><a href="https://cnf409.me/posts/2026/04/fcsc-2026-10-fast-fishers/#conclusion">Conclusion</a></li> </ul> <h1 id="introduction">Introduction</h1> <p>10 Fast Fishers is a 1-star web challenge from FCSC 2026. The application is a typing game: fish swim across an aquarium, each carrying a word and a text formatting command.</p> <p>You type a word, click the fish and the corresponding <code>document.execCommand()</code> is applied to the selected text in a <code>contenteditable</code> editor.</p>