frncscrlnd's writeups

Writeups from challenges and CTFs i take part in.

---

Project maintained by frncscrlnd Hosted on GitHub Pages — Theme by mattgraham

Stage 9

What you have to do:
Inject the following JavaScript command: alert(document.domain);

Hint: UTF-7 XSS.

Since this is a UTF-7 related XSS, most browser’s won’t support it. Learn more here. Also check this resource out.

You can skip it by opening the console and typing alert(document.domain);. If you want to solve this, open Internet Explorer (version 8 or below, i used 5) and use this payload +ACI-+AD4-+ADw-script+AD4-alert(document.domain)+ADs-+ADw-/script+AD4- (which is "><script>alert(document.domain);</script> encoded as UTF-7). Then, change the value attribute in the charset input tag from euc-jp

to utf-7:

Then, submit the form.