rffuste · @rffuste
14 followers · 13 posts · Server infosec.exchange

Burp Suite Academy Lab – Reflected XSS into attribute with angle brackets HTML-encoded
This lab contains a reflected cross-site scripting vulnerability in the search blog functionality where angle brackets are HTML-encoded. To solve this lab, perform a cross-site scripting attack that injects an attribute and calls the alert function.

rffuste.com/2023/02/06/burp-su

#ctfs #burpsuiteacademy

Last updated 2 years ago

rffuste · @rffuste
14 followers · 10 posts · Server infosec.exchange

BurpSuite Lab – DOM XSS in jQuery selector sink using a hashchange event
This lab contains a DOM-based cross-site scripting vulnerability on the home page. It uses jQuery's $() selector function to auto-scroll to a given post, whose title is passed via the location.hash property.

To solve the lab, deliver an exploit to the victim that ca
rffuste.com/2023/01/16/burpsui

#ctfs #burpsuiteacademy

Last updated 2 years ago

rffuste · @rffuste
14 followers · 9 posts · Server infosec.exchange

BurpSuite Lab – DOM XSS in jQuery anchor `href` attribute sink using `location.search` source
This lab contains a DOM-based cross-site scripting vulnerability in the submit feedback page. It uses the jQuery library's $ selector function to find an anchor element, and changes its href attribute using data from location.search.

To solve thi
rffuste.com/2023/01/09/burpsui

#ctfs #burpsuiteacademy

Last updated 2 years ago

rffuste · @rffuste
14 followers · 7 posts · Server infosec.exchange

BurpAcademy Lab – DOM XSS in innerHTML sink using source location.search
This lab contains a DOM-based cross-site scripting vulnerability in the search blog functionality. It uses an innerHTML assignment, which changes the HTML contents of a div element, using data from location.search.

To solve this lab, perform a cross-site scripting a
rffuste.com/2023/01/02/burpaca

#ctfs #burpsuiteacademy

Last updated 2 years ago

rffuste · @rffuste
12 followers · 5 posts · Server infosec.exchange

Burp Suite Academy lab – DOM XSS in document.write sink using source location.search
This lab contains a DOM-based cross-site scripting vulnerability in the search query tracking functionality. It uses the JavaScript document.write function, which writes data out to the page. The document.write function is called with data from location.searc
rffuste.com/2022/12/19/burp-su

#ctfs #burpsuiteacademy

Last updated 2 years ago