Questions and Answers


by MKmoderate in Challenge Help about October 5

XSS 2 - Basic 41

Hey All,

I've asked about this before. But I'm having trouble with the injection aspect. Nothing from OWASP's filter evasion cheat sheet for XSS works. It seems like it's using htmlspecialchars() or htmlentities(), which would lead me to UTF-7 injection, but the header is already set forcing UTF-8, so no dice. Should I be focusing on event-based injection?

Will I be able to get an alert as a proof of concept, or is the PoC going to have to be a cookie stealer due to the design of the challenge? That should give me some insight on exactly what type of resource I might use to transfer the cookies to my stealer.

Thanks!

Answer: 1 • Score 0 • Views: 168

    by Nightraven about October 6

    Hello sir. Can you send me a PM with your injection and where you inject it? Then I can give you pointers. I'm not entirely sure what you are doing.

    • Score: 0