We are back with Day 5 of the “Advent of Cyber” event by TryHackMe. If you haven’t solved the previous day’s challenge, see that write-up first.
This challenge is again based on web exploitation, and the task is named Pesky Elf Forum.
Learning Objectives:
- What is an XSS vulnerability?
- What Types of XSS vulnerabilities are there?
- Challenge Walkthrough.
What is an XSS vulnerability?
Cross-Site Scripting, better known as XSS in the
cybersecurity community, is classified as an injection attack where malicious
JavaScript gets injected into a web application with the intention of being
executed by other users.
If you can get JavaScript to run on a victim’s computer, there are numerous things you can achieve. This ranges from stealing the victim’s cookies to take over their session, to running a keylogger that records every key the user presses while visiting the website, redirecting the user to a completely different website, or performing an action on the website on their behalf, such as placing an order or resetting their password.
What types of XSS vulnerabilities are there?
- DOM
- Reflected
- Stored
- Blind
Let’s get started.
1. What flag did you get when you disabled the plugin?
Log in using Username: McSkidy Password: password
Leave a comment on any post as follows:
<a href="https://www.kumaratuljaiswal.in">kumaratuljaiswal.in</a>
Once your comment is posted, you’ll see that the text ‘kumaratuljaiswal.in’ is rendered as an underlined link. This means the comment is reflected exactly as you wrote it, without the HTML anchor tag being stripped out. As HTML isn’t being stripped, you can try <script> tags next to see whether the website will run any JavaScript that is entered.
Using the URL you found earlier for changing the user’s password, you can try the following payload:
<script>fetch('/settings?new_password=pass123');</script>
The <script> tag tells the browser we want to run some JavaScript, and the fetch command makes a network request to the specified URL. Because the settings endpoint accepts the new password as a plain GET parameter and asks for nothing else, a single fetch from the victim’s browser, carrying their session cookie, is enough to change it.
After posting the above as a comment, view the page source to check whether it has been rendered exactly as written. The screenshot in the original post shows that the script tags aren’t being stripped out or disabled and, in fact, are executing:
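The two server-side mistakes that make this chain work are that comment text is written into the page as raw HTML, and that the password-change endpoint honours a bare GET request. The following is an added example, not code from the TryHackMe room or from this blog, showing the corresponding fixes: output-encoding comments so the `<a>` and `<script>` payloads above land as inert text, and a settings handler that rejects GET requests, requires a per-session CSRF token and re-authenticates the user. The request/session objects, the handler name and the sample session are assumptions for the demo, not the forum’s real API.

```javascript
// Added example (not the forum's code): defences against the stored XSS
// and the GET-based password change shown in the walkthrough.

const HTML_ESCAPES = {
  "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
};

// Encode every character that can open a tag, attribute or entity.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Render a comment as text, never as markup (what the forum should do).
function renderComment(text) {
  return `<p class="comment">${escapeHtml(text)}</p>`;
}

// Review helper: does any raw tag survive inside the rendered comment body?
function containsTag(html) {
  const inner = html.replace(/^<p class="comment">/, "").replace(/<\/p>$/, "");
  return /<[a-zA-Z!\/]/.test(inner);
}

// Simulated /settings handler. `req` is { method, query, body } and
// `session` is { user, csrfToken }; both shapes are assumptions for the demo.
function handlePasswordChange(req, session) {
  // A GET must never change state; the payload on this page relies on it doing so.
  if (req.method !== "POST") {
    return { status: 405, error: "password changes require POST" };
  }
  // An injected script can make the browser send cookies, but it cannot
  // supply a per-session token it never received, so require one in the body.
  if (!req.body || req.body.csrf_token !== session.csrfToken) {
    return { status: 403, error: "missing or invalid CSRF token" };
  }
  // Re-authenticate for a sensitive change: the current password must match.
  if (req.body.current_password !== session.user.password) {
    return { status: 401, error: "current password incorrect" };
  }
  const next = req.body.new_password;
  if (typeof next !== "string" || next.length < 12) {
    return { status: 400, error: "new password too short" };
  }
  session.user.password = next; // a real app stores a salted hash, not the string
  return { status: 200 };
}

// Constructed sample input: the two comments from the walkthrough.
const SAMPLE_COMMENTS = [
  '<a href="https://www.kumaratuljaiswal.in">kumaratuljaiswal.in</a>',
  "<script>fetch('/settings?new_password=pass123');</script>",
];

// Constructed session for the victim account; the password and token are demo values.
function makeSession() {
  return {
    user: { name: "grinch", password: "correct horse battery" },
    csrfToken: "tok-demo-1234",
  };
}

// What the injected fetch() actually sends: a GET with the password in the query string.
function injectedFetchAttempt(session) {
  return handlePasswordChange(
    { method: "GET", query: { new_password: "pass123" } },
    session
  );
}

// Stand-alone run: show the encoded comments and the rejected request.
for (const c of SAMPLE_COMMENTS) console.log(renderComment(c));
console.log(injectedFetchAttempt(makeSession()));
```

With these two controls in place the comment still displays the attacker’s text, but as `&lt;script&gt;…`, and the injected fetch gets a 405 while the Grinch’s password stays unchanged. Setting the session cookie with `SameSite=Lax` or `Strict` and adding a Content-Security-Policy that forbids inline scripts are complementary browser-side layers.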
Now that this XSS is stored on the forum, any logged-in user who views the thread will automatically have their password changed to pass123. So log out and check whether the Grinch has visited the thread by trying to log in as them (it may take up to a minute before the Grinch visits the page and the password changes).
Username: grinch
Password: pass123
Once logged in, go to the settings page again, and this time you’ll find an additional option to disable the Christmas to Buttmas plugin.
Disable the plugin, and you’ll be awarded a flag.
Done :-)
Disclaimer
All tutorials are for informational and educational purposes only and have been made using our own routers, servers, websites and other vulnerable free resources. They do not involve any illegal activity. We believe that ethical hacking, information security and cyber security should be familiar subjects to anyone using digital information and computers. Hacking Truth is against misuse of the information and we strongly advise against it. Please regard the word hacking as ethical hacking or penetration testing every time this word is used. We do not promote, encourage, support or excite any illegal activity or hacking.