Planet DesKel

DesKel's official page for CTF write-up, Electronic tutorial, review and etc.

5 September 2020 write-up: old-23

Link point tag
old-23 200 XSS

Welcome back for more CTF challenge. Today challenge is cross-site scripting (XSS)


Your objective is to inject a simple XSS payload to the query (given by the challenge itself). However, the input has been sanitized or filtered where it only accepts a single alphabet but multiple special characters and numbers. To solve this challenge, I used the null-byte (x00) bypass. Since there is no way we can input the null byte on the input field, the best way is through the URL.<s%00c%00r%00i%00p%00t>a%00l%00e%00r%00t(1);</s%00c%00r%00i%00p%00t>


tags: - xss

Thanks for reading. Follow my twitter for latest update

If you like this post, consider a small donation. Much appreciated. :)


© 2020 DesKel