Questions and Answers

27

by MKmoderate in Challenge Help about October 5, 2017 open - report

XSS 2 - Basic 41

Hey All,

I've asked about this before, but I'm having trouble with the injection aspect. Nothing from OWASP's filter evasion cheat sheet for XSS works. It seems like it's using htmlspecialchars() or htmlentities(), which would lead me to UTF-7 injection, but the header is already set forcing UTF-8, so no dice. Should I be focusing on event-based injection?

Will I be able to get an alert as a proof of concept, or is the PoC going to have to be a cookie stealer due to the design of the challenge? That should give me some insight on exactly what type of resource I might use to transfer the cookies to my stealer.

Thanks!

Answers: 2 • Score 0 • Views: 516
  • 2

    by newbieGuy about March 7

    All I know is you must create a webserver and create a cookie stealer script.

    • Score: 0
  • 118

    by Nightraven about October 6, 2017

    Hello sir. Can you send me a PM with your injection and where you inject it? Then I can give you pointers. I'm not entirely sure what you are doing.

    • Score: 0