Forum Discussion

netcat's avatar
netcat
Icon for Bronze III rankBronze III
11 days ago

Human Connection Challenge: Season 1 – Web Exploitation - XSS

Question: Identify a reflected XSS vulnerability on the web application that reveals a token in the error message. There are a few forms on the web page: / -> submit reloads /, the attachment isn'...
help & support
  • edgarloredo's avatar
    edgarloredo
    11 days ago

    For the XSS, I would recommend you to test all of the available fields, one of them is the one and you should see the token in the same page, if it redirects to the main page, then that was not the correct field. Tip, try your script in all the fields at the same time!

    Directory Traversal, you need to find a url with something like /test?field=something.txt, this could be an indicate of path traversal.

    For SQL, only extract data is possible no modifications are allowed.

steven's avatar
steven
Icon for Bronze III rankBronze III
11 days ago

welcome on your journey down the rabbit hole of the secret mysteries in IL Labs :)
my tip (after solving ~2500 labs): sometimes don't think too far, how this is linked to reality. in this lab I agree with you: in reality the attacker would make sure that the XSS would probably be written in a database, to steal e.g. credentials from the victim when he's logging onto a website where the message/content gets loaded. but yes, the rabbit hole in IL labs can be deep and wide and strange ;-)

here the tricky part is, that only one field will react to the XSS. so just put your payload to all fields and hopefully one will respond magically with a token when the page gets loaded again.

regarding path traversal: theres a file which gets "loaded" ... just get the path straight. /etc/passwd is always a good way try and find the hole.

for the SQL injection this is not possible unless you can highjack an update command. so don't waste your time here but use the mighty power of the rabb.. erm... sqlmap. good luck!