原题：

？，你是在问我吗？？？你是在怀疑我的能力吗？？？
解题链接： http://ctf1.shiyanbar.com/basic/xss/

打开题目瞅瞅

首先被这个墨绿的底色吓到了，看了下题目给出的URL

http://www.test.com/NodeMore.jsp?id=672613&page=2&pageCounter=32&undefined&callback=%2b/v%2b%20%2bADwAcwBjAHIAaQBwAHQAPgBhAGwAZQByAHQAKAAiAGsAZQB5ADoALwAlAG4AcwBmAG8AYwB1AHMAWABTAFMAdABlAHMAdAAlAC8AIgApADwALwBzAGMAcgBpAHAAdAA%2bAC0-&_=1302746925413

看到了%2b/v%2b%20%2b自然想到这货已经被转码了，那么先做个URL解码，戳我进入在线解码地址

解码后的文本为：

http://www.test.com/NodeMore.jsp?id=672613&page=2&pageCounter=32&undefined&callback=+/v+ +ADwAcwBjAHIAaQBwAHQAPgBhAGwAZQByAHQAKAAiAGsAZQB5ADoALwAlAG4AcwBmAG8AYwB1AHMAWABTAFMAdABlAHMAdAAlAC8AIgApADwALwBzAGMAcgBpAHAAdAA+AC0-&_=1302746925413

然后分析这个网址，很明显能看出callback是本次XSS要获取的参数，分析等号后面的内容

+/v+ +ADwAcwBjAHIAaQBwAHQAPgBhAGwAZQByAHQAKAAiAGsAZQB5ADoALwAlAG4AcwBmAG8AYwB1AHMAWABTAFMAdABlAHMAdAAlAC8AIgApADwALwBzAGMAcgBpAHAAdAA+AC0-

很有特征的加密方式，+/v+，+******-，看起来是UTF7加密方式，没找到解密UTF7的网址，不过解Base64也可以，戳我在线解码

解密

ADwAcwBjAHIAaQBwAHQAPgBhAGwAZQByAHQAKAAiAGsAZQB5ADoALwAlAG4AcwBmAG8AYwB1AHMAWABTAFMAdABlAHMAdAAlAC8AIgApADwALwBzAGMAcgBpAHAAdAA+AC

得到

<script>alert("key:/%nsfocusXSStest%/")</script>

所以key为：/%nsfocusXSStest%/

填到框里点submit，得到答案为%nsfocusXSStest%

回到题目页面，填入答案，搞定30分

发完文章后收到了某大神的提示，对此题做简单解析，用到神器，戳我前往

首先把代码粘进去，用decodeURIComponent进行解析，然后用UTF7 Decode解析，得到答案

http://www.test.com/NodeMore.jsp?id=672613&page=2&pageCounter=32&undefined&callback=+/v+ <script>alert("key:/%nsfocusXSStest%/")</script>-&_=1302746925413

嘛，这是神器QAQ