Introduction

In this post we will cover the basics of XSS automation using Paramspider and kxss, applicable in pentesting and Bug Bounties.

Prerequisites

Paramspider
kxss

What is XSS

XSS (Cross-Site Scripting) is a type of security vulnerability that can be found in web applications. It allows an attacker to inject malicious code, such as scripts, into a web page viewed by other users. This can lead to the theft of sensitive information, such as login credentials or personal data, and can also be used to hijack user sessions or redirect users to malicious websites.

Foreword

Took some time to solve this challenge, learnt a lot in the process. Hope you also grab something new from it :)

Challenge Solution

Visiting the link provided, http://web.ctf.ae:8812/ (will be offline soon XD), we are met with this friendly page.
Filling the form and clicking on submit, we are met with this response.
So far we can gather that it's an XSS-related challenge, hence the hint in the challenge description.

Challenge Solution

We are also given the source file here,
which had the following
and the challenge,
the two Python scripts as follows:

    from flask import Flask, request, render_template
    from urllib.parse import unquote
    from bot import visit_report

    app = Flask(__name__)

    @app.route("/")
    def index():
        return render_template("index.html")

    @app.route("/api/submit", methods=["POST"])
    def submit():
        try:
            url = request.json.get("url")
            # Only the scheme prefix is checked; any http(s) URL is then handed to the bot.
            assert(url.startswith('http://') or url.startswith('https://'))
            visit_report(url)
            return {"success": 1, "message": "Thank you for your valuable submition!"}
        except:
            # A failed assert or any other error ends up here.
            return {"failure": 1, "message": "Something went wrong."}