Questions and Answers

by MKmoderate in Challenge Help about October 5, 2017 open - report

XSS 2 - Basic 41

Hey All,

I've asked about this before. But I'm having trouble with the injection aspect. Nothing from OWASP's filter evasion cheat sheet for XSS works. It seems like it's using htmlspecialchars() or htmlentities(), which would lead me to UTF-7 injection, but the header is already set forcing UTF-8, so no dice. Should I be focusing on event-based injection?

Will I be able to get an alert as a proof of concept, or is the PoC going to have to be a cookie stealer due to the design of the challenge? That should give me some insight on exactly what type of resource I might use to transfer the cookies to my stealer.


Answers: 2 • Score 0 • Views: 1325
  • 2

    by newbieGuy about March 7, 2018

    All I know is you must create a webserver and create a cookie stealer script.

    • Score: 0
  • 116

    by Nightraven about October 6, 2017

    Hello sir. Can you send me a PM with your injection and where you inject it? Then I can give you pointers. I'm not entirely sure what you are doing.

    • Score: 0