frncscrlnd's writeups

Writeups from challenges and CTFs i take part in.

---

Project maintained by frncscrlnd Hosted on GitHub Pages — Theme by mattgraham

Stage 4

What you have to do:
Inject the following JavaScript command: alert(document.domain);

Hint: invisible input field.

While looking a the code we stumble upon an “hidden” input field, as the hint suggests:

Let’s change the type back to  "text":

A textbox will now be reflected in the webpage:

We’ll now deliver the payload through this textbox as we did for Stage 2: "><script>alert(document.domain)</script>.