CTF#2 Level 7

Url: http://ctf.infosecinstitute.com/ctf2/exercises/ex7.php

Description: You have some kind of a login form. You want to make a prank on Twitter. You want to add a h1 to the page and share it with your Twitter followers so they can see that you can modify the page as it pleases you. You do not really want to cause harm.
Do some magic and add <h1>YOUR NAME HERE</h1> in a way that people who visit the link you provide will the heading.

Vulnerability: A3 Cross-Site Scripting (XSS)

Solution:

Another XSS bug, ok, let’s analyze. I put random username and password then click Login, Wrong Credentials show on the top, not working. So I look for the source code, there is one line I suspect.

 <input type="hidden" value="/ctf2/exercises/ex7.php " name="action"></input>

So I try to change the value to something else like /ctf2/exercises/ex7.php/index.php but not work, so I figure it out to change in the url

http://ctf.infosecinstitute.com/ctf2/exercises/ex7.php/testing

Everytime I change in the url, the source code change, you can analyze it with Web Developer Add-on in Inspector menu or Firebug Add-on.

inspectorThen I add ‘><h1>MyName</h1> in the url and MyName appear on the web, pass to level 8.

level7

Resources and Tools:
1. OWASP A3 Cross-Site Scripting (XSS) – https://github.com/OWASP/railsgoat/wiki/A3-Cross-Site-Scripting
2. Web Developer Firefox Add-on – https://addons.mozilla.org/en-us/firefox/addon/web-developer/

0 comments