Forum Discussion

Silver III

7 months ago

Solved

Human Connection Challenge: Season 1 – Web Exploitation - XSS

Question: Identify a reflected XSS vulnerability on the web application that reveals a token in the error message. There are a few forms on the web page: / -> submit reloads /, the attachment isn'...

help & support

edgarloredo
7 months ago
For the XSS, I would recommend you to test all of the available fields, one of them is the one and you should see the token in the same page, if it redirects to the main page, then that was not the correct field. Tip, try your script in all the fields at the same time!
Directory Traversal, you need to find a url with something like /test?field=something.txt, this could be an indicate of path traversal.
For SQL, only extract data is possible no modifications are allowed.

edgarloredo

Bronze II

7 months ago

For the XSS, I would recommend you to test all of the available fields, one of them is the one and you should see the token in the same page, if it redirects to the main page, then that was not the correct field. Tip, try your script in all the fields at the same time!

Directory Traversal, you need to find a url with something like /test?field=something.txt, this could be an indicate of path traversal.

For SQL, only extract data is possible no modifications are allowed.

Forum Discussion

Human Connection Challenge: Season 1 – Web Exploitation - XSS

Featured Places

Help & Support Forum

Related Content

What is the Human Connection Challenge?

Human Connection Challenge: Season 1 – Windows

Human Connection Challenge: Season 1 – Web Exploitation

Pen Test CTFs: Jinja2 Exploitation

Cross-Site Scripting: Ep.6 – Further Exploitation

Recent Discussions

Foundational Static Analysis: API Analysis step 10

Microsoft Defender for Cloud: Inventory, Resource Health and Recommendations.

Snort Rules: Ep.9 – Exploit Kits

Snort Rules: Ep.7 – Lokibot Infection Traffic

Pen Test CTFs: Artica Shipping Company