THM Cross site Scripting - grunt92/IT-Sec-WriteUps GitHub Wiki

Room Brief

What does XSS stand for?

Cross-site Scripting

XSS Payloads

Which document property could contain the user's session token?

document.cookie

Which JavaScript method is often used as a Proof Of Concept?

alert

Reflected XSS

Where in an URL is a good place to test for reflected XSS?

parameter

Stored XSS

How are stored XSS payloads usually stored on a website?

Database

DOM Based XSS

What unsafe JavaScript method is good to look for in source code?

eval()

Blind XSS

What tool can you use to test for Blind XSS?

xsshunter

What type of XSS is very similar to Blind XSS?

Stored XSS

Perfecting your payload

What is the flag you received from level six?

Go to https://IP.p.thmlabs.com/. In level 1 enter `<script>alert('THM');</script>' and submit the input to continue to level 2.

In the 2nd level enter "><script>alert('THM');</script> and submit your input to continue to the next level.

In level 3 enter </textarea><script>alert('THM');</script> and submit your input. Continue to the next level.

Enter ';alert('THM');// and submit to continue.

For level 5 enter `alert('THM'); and submit your input.

For level 6 submit /images/cat.jpg" onload="alert('THM'); and you get the flag.

THM{XSS_MASTER}

Practical Example (Blind XSS)

What is the value of the staff-session cookie?

For this task i had to use the Attack-Box. Just follow the instructions and use the given link to decrypt the hash.

4AB305E55955197693F01D6F8FD2D321

⚠️ **GitHub.com Fallback** ⚠️