XSS TryHackMe
https://tryhackme.com/r/room/axss
Find the vulnerable code:
PHP
If we imagine the following url:
$_GET['q'] has the value table
We could try to alert() the cookie of the page:
JavaScript (Node.js)
The req.query.q will extract the value of q:
It could then be exploited with the following:
Python (Flask)
request.args.get() is used to access query string parameters from the request URL, so request.args.get("q") would have the value table in the following url:
And could simply be abused like this:
ASP.NET
Let's consider the following:
The code above uses Request.QueryString, which returns a collection of associated string keys and values. In the example above, we are interested in the value associated with the key q, and we save it in the variable userInput. Finally, the response is created by appending the userInput to another string.
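The four cases above share one flaw: the value of q is concatenated into the HTML response without encoding. As an added example (not code from the room or from these notes), the Python below puts that reflection next to an HTML-escaped version and checks which tags an HTML parser sees in each response. The host shop.example, the "Search results for" wording and all function names are assumptions, and get_q is a standard-library stand-in for request.args.get("q").

```python
import html
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlsplit

# Constructed sample URLs (hypothetical host); the second carries markup in q.
BENIGN = "http://shop.example/search?q=table"
PROBE = "http://shop.example/search?q=%3Cscript%3Ealert(document.cookie)%3C/script%3E"


def get_q(url):
    """Stand-in for $_GET['q'], req.query.q, request.args.get("q"), Request.QueryString["q"]."""
    return parse_qs(urlsplit(url).query).get("q", [""])[0]


def render_vulnerable(url):
    # Reflected as-is: any markup in q becomes part of the page.
    return "<h1>Search results for: " + get_q(url) + "</h1>"


def render_escaped(url):
    # html.escape encodes & < > " ' so q is displayed as text, not parsed as HTML.
    return "<h1>Search results for: " + html.escape(get_q(url), quote=True) + "</h1>"


class TagCollector(HTMLParser):
    """Records every start tag an HTML parser sees in a response."""
    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)


def tags_in(response):
    collector = TagCollector()
    collector.feed(response)
    collector.close()
    return collector.tags


def reflects_markup(render):
    """True if the probe adds tags beyond those in the benign response."""
    return tags_in(render(PROBE)) != tags_in(render(BENIGN))


if __name__ == "__main__":
    for render in (render_vulnerable, render_escaped):
        print(render.__name__, tags_in(render(PROBE)), reflects_markup(render))
```

html.escape is the right encoding for a value placed in HTML element content or a quoted attribute; a value placed inside a script block, a URL or an unquoted attribute needs the encoding for that context instead.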