Description
X corp made a new filtration for input data, prove it is secure enough.
Difficulty: Easy
Challenge Link: https://cybertalents.com/challenges/web/x-corp
Solution
It an easy challenge will make you encounter with a reflected XSS vulnerability.
First, you have a parameter called name which the only one in the page. we can add a random value and see where it reflects.
we notice here that our payload is reflected in an image attribute and also it missing a single quote.
What we can do here to trigger an XSS simply we can fix the tag and our own attribute.
like this:
1
name=itsfading'onload(alert(0))
And we will get the flag once we trigger the alert.
