frncscrlnd's writeups

Writeups from challenges and CTFs i take part in.

Project maintained by frncscrlnd Hosted on GitHub Pages — Theme by mattgraham

Stage 3

What you have to do: Inject the following JavaScript command: alert(document.domain);

Hint: the input in text box is properly escaped.

The textbox input can not hold any payload anymore; this means we have to turn our attention to the select tag: 3.1

as we can see, the content (“Japan”, in this case) of the select tag is reflected onto the page. We now only need to replace any of the countries into <script>alert(document.domain);</script>: 3.2

This text will now be displayed in the dropdown menu: 3.3

Typing anything in the textbox and submitting will complete the challenge.