1337
November 1, 2018, 2:36pm
1
Hi Everyone.
I’m really happy to see that you all are enjoying this forum. It’s an acknowledgment of my assiduity.
It’s an XSS challenge (GAME) for everyone. Let’s see who can do it.
Go to: http://104.129.171.125/xss-ct1/
Note:
The challenge is under this path /xss-ct1/
POCs done by automation XSS tools are not accepted.
Scoreboard
The result is based on the explanation of the problem and the manual injection technique.
@Shouvo
@Exploit-Baba
Thanks.
2 Likes
Did you get something? Bro!
@Sameull @Kharap_Atta @Shouvo
1 Like
Tried…
"><img src=1.gif onerror=alert(document.cookie)>
"><img src=1.gif onerror=alert(document.domain)>
"><img src=1.gif onerror=alert('XSS')>
"/><svg/onload=prompt(document.domain)>
/><script>prompt(document.domain)</script>
1337
November 1, 2018, 5:47pm
8
Hi @Shouvo. Yes, it is hard to make a popup… but if you try to do closer like popup or browser alert, it is accepted. Nice try @Exploit-Baba
1 Like
Does the expected solution work on modern browsers?
Shouvo
November 1, 2018, 6:13pm
10
In Windows 10, browser alert not showing… I think
santner
November 1, 2018, 6:14pm
11
Firefox in Linux detects the URL reroute if it’s executing a script
1337
November 1, 2018, 6:18pm
13
@Shouvo @santner In modern web browsers it may not work… In Windows 10 you can use Internet Explorer with disabling XSS filter. To Disable:
Follow these steps to disable XSS filter.
a. Open Internet Explorer and click on Tools.
b. Click on Internet Options and then select Security tab.
c. Click on Custom level.
d. Under Scripting select disable XSS filter and click Ok.
e. Close the window and restart Internet Explorer.
santner
November 1, 2018, 6:20pm
14
Then I am done :3 How can I send the POC?
1337
November 1, 2018, 6:22pm
15
@santner Great.
Inbox me.
Shouvo
November 1, 2018, 6:24pm
16
I think this challenge is vulnerable
you must think about that…
1337
November 1, 2018, 6:43pm
18
@Shouvo Try a little bit… You can generate the popup.
Shouvo
November 1, 2018, 6:45pm
19
Only Internet Explorer or any browser show this?
1 Like
I got the popup in Internet Explorer -7…
1 Like