Posts

XSS Playground

Image
CTF challenge XSS Playground by zseano. Level:Moderate, Name:XSS Playground by zseano Flags:1 This challenge opens a webpage http://35.227.24.107/XXXXXXXXXX/index.php containing details such as person photo, name, place, comments, give feedback...etc. There is option to add comment, feedback. After providing feedback, a message will be displayed and URL used is http://35.227.24.107/XXXXXXXXXX/index.php?msg=Thanks,%20your%20feedback%20has%20been%20received.%20We%20appreciate%20you%20sharing%20your%20feedback . What ever message we send in msg will be displayed on the webpage. In webpage, there is no permission to see email, it says Error 403: You are not allowed to view emails. This must be the entry point. When checked the sources in inspection, there are files custom.js, feedback.js. In custom.js there are apis defined such as action.php, feedback.php, getemail. Tried checking each api using the usrl http://35.227.24.107/XXXXXXXXXX/api/feedback.php, http://35.227.24.107/XXXXXXXXX...
Image
CTF challenge oauthbreaker. Level:Moderate, Name:Oauthbreaker Flags:2. This challenge provides an android application named oauth.apk. oauth.apk -> This app has 2 activities. First activity is MainActivity with authenticate button. On clicking this button a url will open in new web browser with option "Authorize Mobile Application". Opening the link available in web browser redirects to the second activity which is BrowserActivity. BrowserActivity is to load url using webview. Application flow: OAuth mobile application(MainActivity) -> Web browser -> OAuth mobile application(BrowserActivity) URLs at each stage: Authenticate button in MainActivity opens the link: http://35.227.24.107/XXXXXXXXXX/oauth?redirect_url=oauth://final/login&response_type=token&scope=all . Opening the link "Authorize Mobile Application" present in web browser redirects to BrowserActivity in oauth app. This BrowserActivity loads a predefined URL: http://35.227.24.10...