Web - Client

Thursday 30 August 2018, 01:47  #1
Web - Client : XSS - Reflected
addql
  • 2 posts

Hey, guys.
I might need your help :).
I've spent a lot of time on this challenge but still without success.
I found only 3 places on the entire site where user input is rendered, but 2 of them are seemingly flawless.
The remaining one is prone to XSS and I was able to execute the code, but all of the triggers are user-based and I don't seem to find any
other way to do it automatically. I was looking into the JS code stored on the site, but all I got is just a better/worse version of my
previous code execution techniques.

Need a hint. Thank you in advance.

Thursday 30 August 2018, 11:27  #2
Web - Client : XSS - Reflected
addql
  • 2 posts

OK, I figured it out.

Small tip: bot acts like a real user

Monday 22 October 2018, 20:16  #3
Web - Client : XSS - Reflected
iRRePReSSiBLe
  • 2 posts

Hi addql!
Could you help me, please?
What did you mean by saying "bot acts like a real user"?

Thanks!

Tuesday 23 October 2018, 09:49  #4
Web - Client : XSS - Reflected
Th1b4ud
  • 1636 posts

He means you have to test all the possibilities. There is a nice list for your test: https://www.w3schools.com/tags/ref_eventattributes.asp

Thursday 1 November 2018, 21:26  #5
Web - Client : XSS - Reflected
Boris
  • 11 posts

I have some events, but then what? Any hint?