Posts for: #XSS

XSS Automation with Paramspider and kxss

Introduction

In this post we will cover the basics of XSS automation using Paramspider and kxss, applicable in pentesting and bug bounties.

Prerequisites

Paramspider
kxss

What is XSS

XSS (Cross-Site Scripting) is a type of security vulnerability that can be found in web applications. It allows an attacker to inject malicious code, such as scripts, into a web page viewed by other users. This can lead to the theft of sensitive information, such as login credentials or personal data, and can also be used to hijack user sessions or redirect users to malicious websites.

CAT CTF.ae Web Writeups

Foreword

Took some time to solve this challenge, learnt a lot in the process. Hope you also grab something new from it :)

Challenge

Solution

Visiting the link provided http://web.ctf.ae:8812/ - will be offline soon XD - we are met with this friendly page. Filling the form and clicking on submit, we are met with this response. So far we can gather that it’s an XSS related challenge, hence the hint in the challenge description.

CyberApocalypse Bug Report Writeup

Challenge

Solution

We are also given the source file here which had the following and the challenge the two Python scripts as follows:

from flask import Flask, request, render_template
from urllib.parse import unquote
from bot import visit_report

app = Flask(__name__)

@app.route("/")
def index():
    return render_template("index.html")

@app.route("/api/submit", methods=["POST"])
def submit():
    try:
        url = request.json.get("url")
        assert(url.startswith('http://') or url.startswith('https://'))
        visit_report(url)
        return {"success": 1, "message": "Thank you for your valuable submition!"}
    except:
        return {"failure": 1, "message": "Something went wrong.