Web - Client

Sunday 1 March 2020, 14:47  #1
Web - Client XSS - DOM Based
Chao
  • 7 posts

Hello guys,

I have been stuck on this challenge for three days. I found a payload that works in my browser but, as usual, does not work on the bot.
I have a question about the message field of the contact page. I found that both the nickname and color fields have a limited number of characters,
so is the message field completely useless for exploitation, or can it be used to help?

Thank you!

Sunday 1 March 2020, 15:57  #2
Web - Client XSS - DOM Based
ElTouco72
  • 283 posts

Don’t bother with the message field.

Sunday 1 March 2020, 17:10  #3
Web - Client XSS - DOM Based
Chao
  • 7 posts

Ok, thank you! @ElTouco72

Monday 2 March 2020, 05:51  #4
Web - Client XSS - DOM Based
Chao
  • 7 posts

Finally, I found the flag!!!

Monday 2 March 2020, 09:48  #5
[CLOSED] Web - Client XSS - DOM Based
Th1b4ud
  • 1636 posts

Nice