all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Solving the XSS HTB CTF Challenge

Add to bookmarks
Sept. 9, 2023, 6:46 a.m. | Ahmet Talha Şen

System Weakness - Medium systemweakness.com

Solving the Cross-Site Scripting (XSS) HTB CTF Challenge

Created by Lexica.art

Challenge Overview

We are presented with several scenarios, each demonstrating different aspects of XSS attacks. The goal is to find and exploit the XSS vulnerabilities to retrieve the flags.

Scenario 1: Extracting Cookie Information

In this scenario, we have a POST request to index.php, which reflects our input in the response. We need to modify our payload to extract the cookie data instead of displaying the URL.

Payload

POST …

bugbounty-writeup ctf-writeup cybersecurity htb-writeup web app security

Visit resource

More from systemweakness.com / System Weakness - Medium

The Future of Programming: A Look at Emerging Languages Shaping Software Development 1 day, 8 hours ago | systemweakness.com
address article changing development +14
Cyber Detectives Unite: Advanced Tools for Web Security 1 day, 8 hours ago | systemweakness.com
bug bounty computer science cybersecurity ethical hacking +1
Mittre Att&ck‘s User Manual 2 days, 4 hours ago | systemweakness.com
adversary amp att attacks +22
Unveiling the Hidden: A Guide to Passive Subdomain Enumeration 2 days, 4 hours ago | systemweakness.com
bug bounty hacking security technology +1
Limit Requests to EC2 Instances to Cloudflare Only IPs 2 days, 4 hours ago | systemweakness.com
aws aws lambda cloudflare security +1
Canary Codes for Curious Minds 2 days, 4 hours ago | systemweakness.com
canary tokens hacking ip address location +1
Zero Trust Network Access 3 days, 2 hours ago | systemweakness.com
least privilege microsegmentation network security virtual private network +1
Ransomware-as-a-Service: Democratizing Digital Destruction and How to Fortify Your Defenses 3 days, 2 hours ago | systemweakness.com
as-a-service attacks businesses critical +24
Detecting Mobile Threats: Indicators of Compromise 3 days, 2 hours ago | systemweakness.com
business compromise continue cybersecurity +13

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations
View on infosec-jobs.com

Cybersecurity Engineer

@ Booz Allen Hamilton | USA, VA, Arlington (1550 Crystal Dr Suite 300) non-client
View on infosec-jobs.com

Invoice Compliance Reviewer

@ AC Disaster Consulting | Fort Myers, Florida, United States - Remote
View on infosec-jobs.com

Technical Program Manager II - Compliance

@ Microsoft | Redmond, Washington, United States
View on infosec-jobs.com

Head of U.S. Threat Intelligence / Senior Manager for Threat Intelligence

@ Moonshot | Washington, District of Columbia, United States
View on infosec-jobs.com

Customer Engineer, Security, Public Sector

@ Google | Virginia, USA; Illinois, USA
View on infosec-jobs.com
View more jobs