This blog contains a write-up of the solution I used to solve the XSS challenge “Space XSS I – Web”. This challenge was hosted by coresec, Cybercom Group, kits, hackrone, assured and ESET.
The challenge was hosted at the URL: https://securityfest.ctf.rocks
<script> var a = "<script>alert(1)</script>"; Hello ! 🙂 </script>
To trigger the alert on the page, we have to close the first <script> by adding </script> in front of our value: the HTML parser ends a script block at the first </script> it finds, even when that tag sits inside a JavaScript string. So our new xss value will be xss=</script><script>alert(1)</script>
w00t! We got XSS on the website.
Copied the URL “http://xss1.zpuoznbj3die.co.uk/?xss=%3C/script%3E%3Cscript%3Ealert%281%29%3C/script%3E” and clicked on Send XSS link for flag here.
We have to submit the URL that results in alert(1) on this page.
Submitted the URL that results in XSS on the webpage and got the message “Thanks! We’ll check it out in a while. If your link executes alert(1), the flag will be presented at index.php.”
Clicked on index.php and got the flag.
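Why closing the script block worked, and how a page can embed the same value safely, shown as an added example that is not the challenge's own code. The function names are hypothetical, and scriptBlocks is a simplified model of how the HTML parser splits script elements.

```javascript
// Added example; function names are hypothetical, not from the challenge.

// Mimics the challenge page: the xss value is pasted raw into a JS string.
function renderVulnerable(xss) {
  return '<script> var a = "' + xss + '"; </script>';
}

// Hardened encoder: JSON.stringify handles quotes, backslashes and newlines;
// <, > and & are then written as \uXXXX escapes so the HTML parser never
// sees "</script" or "<!--" inside the inline script.
function jsStringForInlineScript(value) {
  return JSON.stringify(String(value))
    .replace(/</g, '\\u003c')
    .replace(/>/g, '\\u003e')
    .replace(/&/g, '\\u0026')
    .replace(/\u2028/g, '\\u2028')
    .replace(/\u2029/g, '\\u2029');
}

function renderHardened(xss) {
  return '<script> var a = ' + jsStringForInlineScript(xss) + '; </script>';
}

// Simplified model of the HTML parser: a script block ends at the first
// "</script>", whatever the JavaScript quoting around it looks like.
function scriptBlocks(html) {
  const blocks = [];
  const re = /<script[^>]*>([\s\S]*?)<\/script\s*>/gi;
  let m;
  while ((m = re.exec(html)) !== null) blocks.push(m[1]);
  return blocks;
}

// The xss value from the write-up above.
const payload = '</script><script>alert(1)</script>';
console.log(scriptBlocks(renderVulnerable(payload))); // two blocks
console.log(scriptBlocks(renderHardened(payload)));   // one block
```

With the raw rendering the second block is attacker-controlled code; with the hardened rendering the value stays a single string literal that decodes back to the original input.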