Forum Discussion

netcat's avatar
netcat
Icon for Bronze III rankBronze III
11 days ago

Human Connection Challenge: Season 1 – Web Exploitation - XSS

Question: Identify a reflected XSS vulnerability on the web application that reveals a token in the error message. There are a few forms on the web page: / -> submit reloads /, the attachment isn'...
help & support
  • edgarloredo's avatar
    edgarloredo
    11 days ago

    For the XSS, I would recommend you to test all of the available fields, one of them is the one and you should see the token in the same page, if it redirects to the main page, then that was not the correct field. Tip, try your script in all the fields at the same time!

    Directory Traversal, you need to find a url with something like /test?field=something.txt, this could be an indicate of path traversal.

    For SQL, only extract data is possible no modifications are allowed.

netcat's avatar
netcat
Icon for Bronze III rankBronze III

I'll take another look, with the summary of three answers: Try all fields, including those that don't display anything.
Yet, I never saw an error message when putting invalid data in other fields than the member login. In my opinion these fields should lead to the answer. I mean, there's an error message with the user input:

(sqlite3.OperationalError) near [...]: syntax error [SQL: SELECT [...] FROM [...] WHERE username = [...]<script>alert(1)</script>[...]

Is this just a rabbit hole placed entertainment? Nobody could get past it?

miclib's avatar
miclib
Icon for Bronze II rankBronze II
11 days ago

Look at what the error returning is trying to tell you. Sometimes we look for one thing and another gift falls in our lap.