@bubba-h57
Created August 30, 2012 13:05
Stripe CTF Level 4 - Solution XSS/XSRF
This is a nice little XSS/XSRF challenge. The goal here is to get that karma_fountain to send you some karma, which in turn will let you view their password.
When registering a new account, you can insert malicious code into the password field, which will then be displayed once you send someone karma because the application is designed to show users your password once they receive karma.
In this situation they're including jQuery, which makes our lives even easier when trying to make requests. The idea is to inject some malicious code into the karma_fountain's page that will automatically make them transfer you some karma.
I went and created a new user named 'bubba' with the password:
'<script>$.post("transfer", { to: "bubba", amount: "2" } );</script>'
So, now that you can log in, send some karma to the karma_fountain and wait... Eventually the karma_fountain user will view their page and your injected code will force them to transfer karma to the user 'whoop'.
Refresh your page until you can view karma fountain’s password on the right.
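The defensive side of the flaw described above, as an added example (not code from the CTF application or from this gist): the unescaped rendering next to an escaped one, plus a session-bound token check on the transfer request. The function names, session ids and server key are assumptions made for illustration.

```python
import hashlib
import hmac
import html
import secrets

# Constructed sample: the password value quoted in the writeup.
STORED_PASSWORD = '<script>$.post("transfer", { to: "bubba", amount: "2" } );</script>'

SERVER_KEY = secrets.token_bytes(32)  # hypothetical per-deployment secret


def render_unsafe(sender, password):
    """The flaw: user-controlled text is concatenated into HTML as-is."""
    return "<li>%s (password: %s)</li>" % (sender, password)


def render_safe(sender, password):
    """Fix 1: HTML-escape every user-supplied value at output time."""
    return "<li>%s (password: %s)</li>" % (
        html.escape(sender, quote=True),
        html.escape(password, quote=True),
    )


def csrf_token(session_id):
    """Fix 2: a token bound to the session, embedded in the transfer form."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def handle_transfer(session_id, form):
    """Reject a state-changing POST that lacks the session's token."""
    supplied = form.get("csrf_token", "").encode()
    expected = csrf_token(session_id).encode()
    if not hmac.compare_digest(supplied, expected):
        return 403
    # ... validate 'to' and 'amount' here, then perform the transfer ...
    return 200


if __name__ == "__main__":
    print(render_unsafe("bubba", STORED_PASSWORD))  # markup reaches the browser
    print(render_safe("bubba", STORED_PASSWORD))    # rendered as inert text
    bare = {"to": "bubba", "amount": "2"}           # same fields as the $.post above
    print(handle_transfer("sess-1", bare))          # 403
    with_token = dict(bare, csrf_token=csrf_token("sess-1"))
    print(handle_transfer("sess-1", with_token))    # 200
```

Escaping at output is the primary fix here: a script that runs inside the victim's own page can read any token embedded in that page, so the token check only covers requests forged from elsewhere.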