MORE CTFSSSSSS
Recently I've started diving into CTFs and trying my hand at some Bug Bounties. This means that I will need to be writing reports wi...
Your solution for Flag2 is not correct.
Hint: The title of a page is not escaped in the home page.
Solution: Set the title of a page to: <
And then go to the Home page. An alert will show up with this flag.
Hi Paul, it's good to know that there is another approach to this flag. Thanks for showing me another way.
Can you tell me how you found this solution? E.g., how did you reach that solution?
I found it by mistake. I was trying random things and suddenly when I went on the home page, the flag popped up.
I then tried to figure out what caused this flag to appear and found that it was the title of the page. I tried different inputs to see what could make it appear, and I found that '<' was the minimal thing I could do.
Thanks
Flag 1 another approach.
You need to do XSS.
Voilà!! You get the flag in the pop-up.
Thank you so much! I was stuck on the explanation given for Flag1 :)
Flag 3 has another approach.
You don't need to add that "flag" parameter.
You only have to use another way to inject JavaScript in the code but with a script-tag.
For example, I added an image and a new image tag in an edited page, and added an alert in onclick. That solved this 3rd flag. For you the solution was only the onclick in your button. ;)
I'm recently new to doing this and it's my first Hacker101 test. You helped me with Flag 1. So I found the answer to why the single quote worked for this flag. It's because of SQL injection; here is a link for more details. Thank you!
netsparker.com/blog/web-security/f...
Glad I could help with the first flag!
A "Fragmented SQL Injection" is not a phrase I've heard so much. Very grateful for the link to more info.