Questions and Answers

How do I collect points?

  • +5
    Chosen as best answer
  • +1
    Posted answer
  • +1
    Posted question
  • +1
    Thumb up
  • -1
    Thumb down
1

by x0000000000000000000000000000000000000 in Challenge Help about April 19, 2017 open - report

Basic 41 XSS

Please help, I can't figure it out and I fail a class if I can't figure this out. I've tried using <script> tags, escaping with single quotes, escaping with double quotes, ending the function, and I CANNOT get any code to execute. I've read every thread on the forums, and nobody actually answers anything. Yes, I've read the XSS guides, so please don't just link https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet, because I've tried everything on there and I'm just stuck. Please help.

I've inspected the DOM and sources at every step of the way, I just can't escape the string.

Here's some of what I've tried:

'<script>

'+<script>

'+alert

'+'}), (and other variations to try and add another function)

I've tried manipulating the $page variable

I am just stuck, and I need this challenge to get my degree, so could anyone point me in the right direction please?

Answers: 3 • Score 0 • Views: 971
Browse by
  • 3

    by blackmailer about August 3, 2017

    found it

    • Score: 0
  • 3

    by blackmailer about August 1, 2017

    I'm also stuck on this challenge. I got a working injection, I've got a stealer that is working and I know how to change the cookie. However the cookie is abit weird? 

    • Score: 0
  • 118

    by Nightraven about April 20, 2017

    Hello. You need a cookie stealer and a domain to put it. That should be a good hint ;)

     

    Also, if the injection is valid it will let you know, but you need to include the variable that holds the cookie info!

You must login to post an answer.