Description: You have some kind of a login form. You want to make a prank on Twitter. You want to add a h1 to the page and share it with your Twitter followers so they can see that you can modify the page as it pleases you. You do not really want to cause harm.
Do some magic and add <h1>YOUR NAME HERE</h1> in a way that people who visit the link you provide will see the heading.
Vulnerability: A3 Cross-Site Scripting (XSS)
Take a good look at the form
You need to take advantage of the PHP_SELF flaw
There is a hidden input in the form that stores the current URL with PHP_SELF. Target that.
Another XSS bug, OK, let’s analyze. I put in a random username and password, then clicked Login; Wrong Credentials showed at the top, not working. So I looked at the source code, and there is one line I suspect.
<input type="hidden" value="/ctf2/exercises/ex7.php " name="action"></input>
So I tried changing the value to something else like /ctf2/exercises/ex7.php/index.php, but it did not work, so I figured out to change it in the URL.
Every time I change it in the URL, the source code changes; you can analyze it with the Web Developer Add-on in the Inspector menu or the Firebug Add-on.
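The hidden field above rendered two ways, as an added example (not the exercise's source code, which this page does not show): once echoing the path unchanged and once encoded for an HTML attribute. The function names and the second sample path are constructed for illustration; `$phpSelf` stands in for `$_SERVER['PHP_SELF']`.

```php
<?php
declare(strict_types=1);

// Added example. $phpSelf stands in for $_SERVER['PHP_SELF'], which carries
// any extra path text a visitor appends after the script name.

// Flawed pattern: the request-derived path is echoed into the attribute as-is.
function action_field_raw(string $phpSelf): string
{
    return '<input type="hidden" value="' . $phpSelf . '" name="action">';
}

// Hardened: encode for an HTML attribute context, quotes included.
function action_field_escaped(string $phpSelf): string
{
    $safe = htmlspecialchars($phpSelf, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="hidden" value="' . $safe . '" name="action">';
}

// Check: does the rendered field contain markup beyond the single <input>?
function has_extra_markup(string $html): bool
{
    return substr_count($html, '<') > 1;
}

// Constructed sample paths: the normal one from the page, and one with the
// heading from the exercise description appended after the script name.
$samples = [
    '/ctf2/exercises/ex7.php',
    '/ctf2/exercises/ex7.php/"><h1>YOUR NAME HERE</h1>',
];

foreach ($samples as $path) {
    printf("path: %s\n", $path);
    printf("  raw     extra markup: %s\n",
        has_extra_markup(action_field_raw($path)) ? 'yes' : 'no');
    printf("  escaped extra markup: %s\n",
        has_extra_markup(action_field_escaped($path)) ? 'yes' : 'no');
}
```

Where the page only needs its own script path, `$_SERVER['SCRIPT_NAME']` (still passed through `htmlspecialchars`) leaves out the appended path text entirely.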
Resources and Tools:
1. OWASP A3 Cross-Site Scripting (XSS) – https://github.com/OWASP/railsgoat/wiki/A3-Cross-Site-Scripting
2. Web Developer Firefox Add-on – https://addons.mozilla.org/en-us/firefox/addon/web-developer/