- Difficulty: Easy
- Skills: Web
Flag0
I created a new page and realized the indexing was weird. The 'test' and 'markdown' page already created is indexed as page 1 and 2 respectively. However, when a new page is created, it is indexed as 10.
This means that page 3 and 9 are missing or hidden. So by editing the page number on the website address, I tried opening pages 3 to 9. All the pages showed 404 except page 6 which displayed a forbidden message.
Looking at how other pages are edited, I noticed a pattern in using their index. So applying a similar concept and opened page 6 in editing mode, getting the flag.
Flag1
The hint in the flag suggested trying out the normal culprits; XSS, SQL injection, path injection. So I went with XSS, adding a script tag in all inputs. I was using < script>intruder()< /script > and pasting it in all the inputs.
I tried creating a new page and for the page title, I input this script tag. When I saved the page, the flag popped up in an alert box.
Flag2
For this flag, I injected an alert code in the button on Markdown test page. On clicking the button, I got the flag from the inspect page.
Flag3
For this flag, I considered SQl injection to examine it. The hint indicates that one needs to try other options lest script tags. In the pages, I added an apostrophe (') at the end of the url and finally got the flag from the edit page.
Top comments (0)