Skip to content

Instantly share code, notes, and snippets.

Last active January 15, 2024 14:11
Show Gist options
  • Save Sankalpa-Acharya/a7b905ea59ac3f621e164a40cedcc77c to your computer and use it in GitHub Desktop.
Save Sankalpa-Acharya/a7b905ea59ac3f621e164a40cedcc77c to your computer and use it in GitHub Desktop.
Solution of XSS Challenges [Archive - 2015] By Mazin Ahmed

Breaking out of js object and adding alert function will not work here beacuse

parent.Arbiter.inform("data", {"id":"});

This particular JS code is making an error at first which will then not allow our alert function to execute.

So now what's the error ?
Arbiter is undefined in code so accessing anything from it will cause error.

In JavaScript, Hoisting refers to the process whereby the interpreter appears to move the declaration of functions, variables or classes to the top of their scope, prior to execution of the code.
Using this concept we can solve this challenge.

// Payload
alert`xss`});function Arbiter(){};//  

Our input is being Reflected in input tag which is hidden

hello" autofocus onfocus=alert('xss') type="text 

Same as Challenge 1

// Payload
alert`xss`});function Arbiter(){};//  

This lab is the combination of CRLF Injection and XSS


This Lab is interesting😉.
We can easily inject

<img src=x onerror=alert('xss')>

in the Referer Header. But the main challenge is how can we send payload in the Referer Header without adding manually?

For this Our domain should be something like this

https://<img src=x onerror=alert('xss')>.com

Which is not possible, But we can definitely do this.<img src=x onerror=alert('xss')>

I used this site to exploit it.

  1. Create your webhook URL
  2. Click on the edit icon which is on the top right hand side.
  3. Change content type to text/html
  4. Paste below code in the body section and save.
<a id="ss" href="" >click me</a>


Your Web Hook URL should be like this<UUID>/<img src=x onerror=alert('xss')>/

When you visit the webhook URL you will be redirected to with an alert pop up.

Thanks For Reading ❤️

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment