Posts Cybertalents xCorp Web Challenge Writeup

Cybertalents xCorp Web Challenge Writeup


X corp made a new filtration for input data, prove it is secure enough.

‌Difficulty: Easy

Challenge Link:


It an easy challenge will make you encounter with a reflected XSS vulnerability.

First, you have a parameter called name which the only one in the page. we can add a random value and see where it reflects.

we notice here that our payload is reflected in an image attribute and also it missing a single quote.

What we can do here to trigger an XSS simply we can fix the tag and our own attribute.

like this:


And we will get the flag once we trigger the alert.

This post is licensed under CC BY 4.0 by the author.