frncscrlnd's writeups

Writeups from challenges and CTFs i take part in.

---

Project maintained by frncscrlnd Hosted on GitHub Pages — Theme by mattgraham

Stage 7

What you have to do:
Inject the following JavaScript command: alert(document.domain);

Hint: nearly the same… but a bit more tricky.

The code looks fine; since the hint tells us this challenge is nearly the same as Stage 6, we’ll have to look for some kind of escaping or encoding, not only to the textbox input, but also to tags and attirbutes. However, typing the same payload as Stage 6 ("onclick="alert(document.domain)") (pay close attention to closing the double quotes ") after the value attribute and clicking (or hovering for onmouseover) will complete the challenge: