Choosy

The sentence below, shown when we visit the challenge URL, hints at an XSS attack (note the capital X in "GiXe" and the capital S in "Some"):

  • GiXe me Some intresting Input

The challenge name, Choosy, suggests that not every payload will work and only a specific kind will, so we need to try different payloads until one works.

  • If we use <script>alert(1)</script>, the script tag is stripped
  • If we try an image payload, it works
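Why stripping script tags is not enough, as an added example that is not part of the original writeup or the challenge's code: `stripScriptTags` is an assumed model of the filter, and the inputs are constructed samples (the second is a generic image-tag test string, not necessarily the payload used here). `escapeHtml` shows the output encoding that neutralizes both.

```javascript
// Added example: an assumed model of the challenge's filter, not its real code.

// Denylist filter (hypothetical): removes <script> elements and stray script tags only.
function stripScriptTags(input) {
  return input
    .replace(/<script\b[^>]*>[\s\S]*?<\/script\s*>/gi, "")
    .replace(/<\/?script\b[^>]*>/gi, "");
}

// Hardened alternative: encode every HTML metacharacter at output time,
// so no input can open a tag or an attribute.
function escapeHtml(input) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return input.replace(/[&<>"']/g, (ch) => map[ch]);
}

// Demo-only heuristic (not a sanitizer): does the rendered fragment still
// contain a real tag, and does any tag carry an on* event-handler attribute?
function hasActiveMarkup(html) {
  const hasTag = /<[a-z][^>]*>/i.test(html);
  const hasHandler = /<[^>]*\son[a-z]+\s*=/i.test(html);
  return { hasTag, hasHandler };
}

// Constructed sample inputs.
const samples = {
  scriptTag: "<script>alert(1)</script>",
  imgHandler: "<img src=x onerror=alert(1)>",
};

// Runs every sample through both defenses and records what survives.
function evaluate() {
  const rows = [];
  for (const [name, input] of Object.entries(samples)) {
    rows.push({ name, filter: "denylist", ...hasActiveMarkup(stripScriptTags(input)) });
    rows.push({ name, filter: "escape", ...hasActiveMarkup(escapeHtml(input)) });
  }
  return rows;
}

console.table(evaluate());
```

Only the denylist row for the image sample still reports a live tag with an event handler; with output encoding, both samples render as inert text.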

Payload :-

  • "" And we get the flag in the XSS pop-up


Hints with point values :-

  • Hint 1 :- imgage payloads are very well than script tag payloads.