Infosecinstitute CTF 2 - LEVEL 7
This is the solution for Level 7 of the Practical Web Hacking CTF #2.
In this level we have a simple login screen. The objective is to exploit an A3 Cross-Site Scripting vulnerability; this type of vulnerability exploits the interpreter in the browser to achieve client-side code execution (JavaScript).
The objective is to insert an HTML tag with our name in it; for that we need to see some details about the implementation.
After close inspection of the URL we noticed that a script uses window.location.href. This led to the idea that some of that information might be sent to the server for later use. While attempting to verify this, I noticed a hidden input field holding the value of the arguments sent in the query string.
Tasks:
- Break/end the hidden tag.
- Create tag with the required string.
- Enjoy level 8 :)
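Why the hidden field is the weak point, and what fixes it, as an added example that is not the CTF's own code: the helper names, the `/page?x=` URL and the field name `url` are assumptions made for illustration. The unescaped version lets the query string end the attribute and the tag; the HTML-attribute-encoded version keeps the same input as inert text inside `value`.

```javascript
// Hypothetical server-side rendering helpers (assumed names, not the CTF's code).

// Vulnerable: the request URL is concatenated into the attribute as-is,
// so a double quote in the query string ends the value early.
function renderVulnerable(requestUrl) {
  return '<input type="hidden" name="url" value="' + requestUrl + '">';
}

// HTML-attribute encoding: every character that can close the quoted value
// or open a new tag is replaced by its entity.
function escapeAttr(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Hardened: same markup, but the reflected value is encoded first.
function renderHardened(requestUrl) {
  return '<input type="hidden" name="url" value="' + escapeAttr(requestUrl) + '">';
}

// Rough count of opening tags in a fragment, used only to compare the
// two outputs in this demo (not a real HTML parser).
function countTags(html) {
  return (html.match(/<[a-zA-Z][^>]*>/g) || []).length;
}

// Constructed sample input: closes the attribute and the tag, then adds
// a harmless heading with a placeholder name.
const sample = '/page?x="><h1>NAME</h1>';

console.log(renderVulnerable(sample), '-> tags:', countTags(renderVulnerable(sample)));
console.log(renderHardened(sample), '-> tags:', countTags(renderHardened(sample)));
```

The same encoding applies if the field is filled client-side from window.location.href: assign the value through the DOM (`input.value = ...`) rather than building markup by string concatenation.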