From dec4928989714364a5d7e930f9a04ae4019359b6 Mon Sep 17 00:00:00 2001 From: Yan Date: Thu, 5 Sep 2024 01:21:49 -0700 Subject: [PATCH] victim arg --- web-security/level-8/DESCRIPTION.md | 1 + web-security/level-9/DESCRIPTION.md | 2 ++ 2 files changed, 3 insertions(+) diff --git a/web-security/level-8/DESCRIPTION.md b/web-security/level-8/DESCRIPTION.md index cbfbe3a..c0ee91f 100644 --- a/web-security/level-8/DESCRIPTION.md +++ b/web-security/level-8/DESCRIPTION.md @@ -7,4 +7,5 @@ To carry out such an attack, an attacker typically needs to trick the victim int This is unlike a Stored XSS, where an attacker might be able to simply make a post in a vulnerable forum and wait for victims to stumble onto it. Anyways, this level is a Reflected XSS vulnerability. +The `/challenge/victim` of this challenge takes a URL argument on the commandline, and it will visit that URL. Fool the `/challenge/victim` into making a JavaScript `alert("PWNED")`, and you'll get the flag! diff --git a/web-security/level-9/DESCRIPTION.md b/web-security/level-9/DESCRIPTION.md index 0fc0b60..e17b1f3 100644 --- a/web-security/level-9/DESCRIPTION.md +++ b/web-security/level-9/DESCRIPTION.md @@ -3,3 +3,5 @@ In SQL, you have dealt with injecting into the middle of quotes. In XSS, you often inject into, for example, a textarea, as in this challenge. Normally, text in a textarea is just, well, text that'll show up in a textbox on the page. Can you bust of this context and `alert("PWNED")`? + +As before, the `/challenge/victim` of this challenge takes a URL argument on the commandline, and it will visit that URL.
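Review bot: In the level-8 hunk, the added sentence says `/challenge/victim` takes a URL argument but shows neither the invocation nor what happens when the argument is missing. Consider adding a usage form such as `/challenge/victim <URL>` right after it, since the following line ("Fool the `/challenge/victim` into making a JavaScript `alert("PWNED")`") depends on the reader knowing how to hand the victim a URL. Minor: "commandline" should be "command line".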
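Review bot: In the level-9 hunk, the added sentence lands after the call to action ("Can you bust of this context and `alert("PWNED")`?"), whereas the level-8 hunk puts the same sentence before its call to action; moving it above the question would keep the two descriptions consistent and let the level end on the task. "As before" assumes the reader arrived from level 8, and the rest of the sentence is a verbatim copy of the level-8 text, so consider making it self-contained (drop "As before") to avoid the two files drifting. While this file is being touched, the adjacent context line has a typo: "bust of this context" should read "bust out of this context".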