Infosecinstitute | CTF2

Level 7 | A3 Cross-Site Scripting (XSS)

You have some kind of a login form. You want to make a prank on Twitter. You want to add an h1 to the page and share it with your Twitter followers so they can see that you can modify the page as it pleases you. You do not really want to cause harm. Do some magic and add <h1>YOUR NAME HERE</h1> in a way that people who visit the link you provide will see the heading.

Target:

Tools:

  • Firefox

Normal behavior: when you submit any credentials, you get a "Wrong credentials :)" error. Looking at the page source, you'll find this interesting HTML:

<input type="hidden" value="/ctf2/exercises/ex7.php" name="action">

The value refers to the current script URL, so anything you append to that URL is reflected into this hidden value, as you can see:

<input type="hidden" value="/ctf2/exercises/ex7.php/KINGSABRI" name="action">

This issue comes from using PHP_SELF. From the PHP.net manual:

'PHP_SELF'

The filename of the currently executing script, relative to the document root. For instance, $_SERVER['PHP_SELF'] in a script at the address http://example.com/foo/bar.php would be /foo/bar.php. The __FILE__ constant contains the full path and filename of the current (i.e. included) file.

So let's add our name as requested!

http://ctf.infosecinstitute.com/ctf2/exercises/ex7.php/'><h1>KINGSABRI</h1>"

Done!
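The reflection described above, next to two ways of rendering the field safely. This is an added example, not the exercise's actual source: the single-quoted attribute and the `render_*` function names are assumptions, and the request values are constructed.

```php
<?php
// Added example: how a reflected PHP_SELF value lands in the hidden field,
// and two ways to render it safely.

// What PHP would place in $_SERVER when extra path info follows the script
// name (constructed sample values, not captured traffic).
$server = [
    'SCRIPT_NAME' => '/ctf2/exercises/ex7.php',
    'PHP_SELF'    => "/ctf2/exercises/ex7.php/'><h1>KINGSABRI</h1>\"",
];

// Assumed vulnerable pattern: raw PHP_SELF written into a quoted attribute.
function render_unsafe(array $server): string
{
    return "<input type='hidden' value='" . $server['PHP_SELF'] . "' name='action'>";
}

// Fix 1: encode for the HTML attribute context. ENT_QUOTES covers both
// single and double quotes, so the value cannot close the attribute.
function render_escaped(array $server): string
{
    $value = htmlspecialchars($server['PHP_SELF'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return "<input type='hidden' value='" . $value . "' name='action'>";
}

// Fix 2: do not reflect path info at all. SCRIPT_NAME stops at the script
// itself; it is still encoded on output as a matter of routine.
function render_script_name(array $server): string
{
    $value = htmlspecialchars($server['SCRIPT_NAME'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return "<input type='hidden' value='" . $value . "' name='action'>";
}

foreach (['render_unsafe', 'render_escaped', 'render_script_name'] as $fn) {
    $html = $fn($server);
    // A literal "<h1>" in the output means the path segment became markup.
    $state = strpos($html, '<h1>') !== false ? 'markup injected' : 'inert';
    printf("%-20s %-16s %s\n", $fn, $state, $html);
}
```

Only `render_unsafe` emits a literal `<h1>`. The escaped variant turns the quote and angle brackets into entities, and the `SCRIPT_NAME` variant never sees the appended segment.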