teodoran / web-hack

Workshop focusing on OWASP top 10 web security risks
MIT License

Add Flag to part 3, Cross Site Scripting (XSS) #1

Closed teodoran closed 2 years ago

teodoran commented 4 years ago

Part 3, Cross Site Scripting (XSS), is missing a flag for the workshop participants to find. It would be neat if this was added.

The flag should be retrievable by using XSS, so one would need to create a bot that regularly accesses the site as another user, and triggers an action that can be exploited using XSS. One option is to have this user store the flag in local storage, or as a global JavaScript variable.

In addition, one would need to create a new XSS vulnerability in the Sticky Notes solution. One option would be to let the application logo image URL be configured from a URL in the database. If this is changed, then one should be able to perform an XSS attack using the img-tag.
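The logo-URL idea in the comment above, shown as an added example that is not part of the issue or the web-hack code base: the unsafe renderer is the kind of pattern the workshop would plant, and the safe one is what participants should arrive at as the fix. The function names, the `notes.example` origin, the fallback path and the sample values are all assumptions made for illustration.

```javascript
// Added illustration; names and sample values are constructed, not taken from web-hack.

// Vulnerable pattern: the database value is concatenated straight into markup.
// A double quote in the stored value ends the src attribute, and whatever
// follows is parsed as additional attributes (including event handlers).
function renderLogoUnsafe(logoUrl) {
  return '<img class="logo" src="' + logoUrl + '">';
}

// Output encoding for a double-quoted HTML attribute value.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function escapeAttr(value) {
  return String(value).replace(/[&<>"']/g, (c) => HTML_ESCAPES[c]);
}

const ALLOWED_SCHEMES = new Set(['http:', 'https:']);
const FALLBACK_LOGO = '/images/logo.png'; // hypothetical default asset

// Input validation: parse the stored value as a URL (relative values resolve
// against the site origin) and accept only http(s). Parsing also
// percent-encodes quotes and spaces in the path.
function safeLogoUrl(raw, baseOrigin) {
  let url;
  try {
    url = new URL(raw, baseOrigin);
  } catch {
    return FALLBACK_LOGO; // unparsable value
  }
  if (!ALLOWED_SCHEMES.has(url.protocol)) {
    return FALLBACK_LOGO; // e.g. javascript: or data:
  }
  return url.href;
}

// Hardened renderer: validate first, then encode at the point of output.
function renderLogoSafe(raw, baseOrigin) {
  return '<img class="logo" src="' + escapeAttr(safeLogoUrl(raw, baseOrigin)) + '">';
}

// Number of double quotes in the markup; class and src account for exactly four.
function countQuotes(html) {
  return (html.match(/"/g) || []).length;
}
```

Validation and encoding are both kept on purpose: the scheme check rejects values that are syntactically harmless but not image locations, and the attribute encoding still holds if the validation is later loosened.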

teodoran commented 2 years ago

Solved by the inclusion of an admin user password that can be retrieved using XSS.