Google XSS challenge: Level 5 aka Breaking protocol (detailed walkthrough)
Before getting started, one should be familiar with XSS or at least have an idea about it. Here is a good article which you may read to understand what XSS is. Read!
💡 Also, throughout this series we won't even glance at Hints and Toggle Code, because in real-world bug hunting no one will give you hints or non-obfuscated source code, so you have to figure things out yourself.
Cross-site scripting isn’t just about correctly escaping data. Sometimes, attackers can do bad things even without injecting new elements into the DOM.
Inject a script to pop up an alert() in the context of the application.
This one is interesting and easy as well. One thing you'll notice here is that when you click on signup, the URL changes to level5/frame/signup?next=confirm. But what is this next=confirm? On clicking next, you'll see the URL change to level5/frame/confirm, which tells us that next= is where we'll be redirected.
While having a look at the network tab as we click on signup, we can see the following in the response tab:
A signup?next=confirm request is being made with the query next=confirm, and we can see in the response tab that the href is set to the query parameter, i.e. confirm. Just to make sure this is what is happening, you can try signup?next=hello and you'll see
After Injecting Payload:
Click on the next link and Boom! An alert shows up and you have cleared the level.
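The root cause seen above is that the value of next is copied into the link's href without any check on where it points. As an added example (not part of the original post and not the challenge's own code), here is one way to validate that value before rendering the link, assuming a hypothetical origin app.example and confirm as the fallback page:

```javascript
// Added example: validate a "next" redirect parameter before it is
// written into an href attribute.
// Assumptions: APP_BASE and FALLBACK are hypothetical values for illustration.
const APP_BASE = "https://app.example/level5/frame/signup";
const FALLBACK = "/level5/frame/confirm";
const ALLOWED_SCHEMES = new Set(["http:", "https:"]);

// Resolve `next` the way a browser would and return a same-origin path,
// or FALLBACK when the value is missing or points anywhere else.
function safeNextHref(next, base = APP_BASE) {
  if (typeof next !== "string" || next === "") return FALLBACK;
  let target;
  try {
    // The WHATWG URL parser lower-cases the scheme and resolves relative
    // values, so the checks below see what the browser would navigate to.
    target = new URL(next, base);
  } catch {
    return FALLBACK; // unparseable input
  }
  // Scheme allowlist: anything other than http(s) never reaches the attribute.
  if (!ALLOWED_SCHEMES.has(target.protocol)) return FALLBACK;
  // Same-origin only: absolute and protocol-relative URLs to other hosts
  // would turn the link into an open redirect.
  if (target.origin !== new URL(base).origin) return FALLBACK;
  return target.pathname + target.search + target.hash;
}

// Escape a value for use inside a quoted HTML attribute (defense in depth).
function escapeAttr(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return value.replace(/[&<>"']/g, (c) => map[c]);
}

function renderNextLink(next) {
  return `<a href="${escapeAttr(safeNextHref(next))}">Next</a>`;
}

// Constructed sample inputs, not captured traffic.
const samples = ["confirm", "hello", "JavaScript:void(0)", "//other.example/x"];
for (const s of samples) console.log(JSON.stringify(s), "->", renderNextLink(s));
```

Escaping alone would not have helped here, because a value with a non-http scheme contains no characters that need escaping; the scheme and origin checks are what close the hole.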
We are not done yet!! We have 1 more level of the Google XSS challenges to complete, so head over to the blog section and check out the walkthroughs.
🥳 So it’s time to wrap up the post with a quote
“In learning you will teach, and in teaching you will learn” -Phil Collins