Forum Discussion
Human Connection Challenge: Season 1 – Web Exploitation - XSS
- 7 months ago
For the XSS, I would recommend that you test all of the available fields. One of them is the one, and you should see the token on the same page; if it redirects to the main page, then that was not the correct field. Tip: try your script in all the fields at the same time!
For Directory Traversal, you need to find a URL with something like /test?field=something.txt; this could be an indication of path traversal.
For SQL, only extracting data is possible; no modifications are allowed.
>Still, my best guess would be to insert a user "<script>alert()</script>" in the database. Then I can display the user list to trigger the script.
I had the same thought and wasted a bit of time on it haha. Worth bearing in mind that the question specifies 'reflected xss' and not 'persisted xss'. It might be possible, but that's not how I ended up getting this one.
Suggest using Burp Repeater and trying every single form input available on the site; at least one of them works - possibly one you have tried already ;)