Web - Client

Sunday 10 May 2020, 13:34  #1
Web - Client XSS reflected
Fideel
  • 1 posts

Hi there,

I’m quite stuck with this challenge and I hope someone might give me a hint.

What I did so far:
I’m able to inject code into the "404 not found" page so that the displayed link reacts to events like "onmouseover" or "onclick" and redirects the browser to a local webserver which would save the document.cookie.
Obviously, the admin does not react to this, because I guess as stated in the challenge’s description, he would not click or even hover over a weird link.
Now I tried several non-interactive events like "onload" or "onfocus" but none of them seem to work, so my question is whether I'm even going in the right direction and, if so, which event may work.

Cheers
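
A defender's view of the reflection described in the post above, as an added example that is not part of the thread or the challenge's code. The 404 renderer, its function names (`render404Unsafe`, `render404Safe`, `anchorAttributes`) and the sample path are all constructed; it shows how attribute-context encoding keeps the requested path from adding event-handler attributes to the link.

```javascript
// Hypothetical 404 page renderer (assumed; not the challenge's code).

// Vulnerable form: the requested path is concatenated into a quoted
// attribute value, so a double quote in the path ends the href early.
function render404Unsafe(path) {
  return `<p>404 not found: <a href="${path}">${path}</a></p>`;
}

// Encode characters that are significant in HTML text and in quoted
// attribute values.
function escapeHtml(s) {
  return String(s).replace(/[&<>"'`]/g, (c) => ({
    "&": "&amp;", "<": "&lt;", ">": "&gt;",
    '"': "&quot;", "'": "&#39;", "`": "&#96;",
  }[c]));
}

// Hardened form: force a same-origin relative path (collapses leading
// "//" or "\\" that a browser could read as another host), then encode.
function render404Safe(path) {
  const local = "/" + String(path).replace(/^[\/\\]+/, "");
  const enc = escapeHtml(local);
  return `<p>404 not found: <a href="${enc}">${enc}</a></p>`;
}

// Test helper: list the attribute names on the first <a> tag, honouring
// double-quoted values, to see whether the input added attributes.
function anchorAttributes(html) {
  const tag = /<a\s([^>]*)>/.exec(html);
  if (!tag) return [];
  return [...tag[1].matchAll(/([a-zA-Z-]+)\s*=\s*"[^"]*"/g)].map((m) => m[1]);
}

// Constructed sample input: a path carrying a quote and an event attribute.
const samplePath = '/x" onmouseover="marker';

console.log(anchorAttributes(render404Unsafe(samplePath)));
console.log(anchorAttributes(render404Safe(samplePath)));
```

Marking the session cookie `HttpOnly` additionally keeps it out of `document.cookie` if a script does run.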

Sunday 17 May 2020, 20:16  #2
jam
  • 99 posts

Hi man,

Well, I have now been struggling with this task for about a couple of months. I tried the same ways the good man above talks about and saw that I could force the user with/without indirectly to be taken the control over the anchor link. I know that it is nearly impossible to get around my cheap solution. I styled the anchor's position and size, so it cannot be seen and it is ready to get the mouse movement. But now, honestly, I could not get the damned cookie to my catcher. You know. Some guys mean that it must be the easiest XSS all the time in IRC. But how? :) Trying, trying and more trying.

Thx for keeping it simple. sniff :)

Friday 7 August 2020, 18:40  #3
jam
  • 99 posts

Hi all,

After a long time, I have seen one thing that can be helpful. There is surely an event that works, but when I test it first, it works; after it has been tested, it waits for the user's interaction to refresh the state. Then it works again... Hmm.. I did not test it for the admin's interaction but the flow is surely the working one..
Hmm.
I am really pretty to know that it might be easy to get this page reflected.. In admin we trust...

Thx for doing excellent things,

Saturday 7 November 2020, 23:45  #4
jam
  • 99 posts

Hi,

At the end, there might be a light, easing the own breath and in the silence there shall be the shadow of self-confidence.

Well, I got the flag. For those guys who are searching for a way out of this business, take care with your payload. Not everything should be visible and clear for this headless browser.

Thx for reading this ramble,
I must say, this was the oldest challenge I have ever had, for months.
So long,