Advent of Cyber Day 11

🛡️ Day 11 — Leave the Cookies, Take the Payload: XSS in Santa’s Secure Portal

Introduction

After a major tech upgrade, Santa’s workshop finally stepped into the modern era. McSkidy now manages queries through a secure portal, but strange activity started surfacing — odd logs, unusual messages, and even Santa’s letters appearing as random scripts.

The mission today: dig into the logs, uncover the mischief, and track down the attacker.


🎯 Learning Objectives

By completing this task, you’ll understand:

  • How Reflected XSS works

  • How Stored XSS works

  • How to prevent XSS attacks in web applications


🧨 Introduction to XSS

Cross-Site Scripting (XSS) is a vulnerability that allows attackers to inject malicious JavaScript into web pages. If user input isn’t properly validated or escaped, it can execute as code.

Consequences of XSS include:

  • Cookie theft

  • User impersonation

  • Page defacement

  • Fake login prompts

  • Unauthorized actions

Today we focus on:

  • ✅ Reflected XSS

  • ✅ Stored XSS


๐Ÿ” Reflected XSS

Reflected XSS occurs when a payload is immediately returned in the server’s response.

Example URL payload:

https://example.com/search?term=<script>alert('XSS')</script>

If the site prints the search term into the page without validating or escaping it, the browser executes the script. Because the payload lives in the URL, attackers usually deliver it through phishing links.

🧪 Testing Reflected XSS in the Portal

Payload used:

<script>alert('Reflected Meow Meow')</script>

Steps:

  1. Enter the payload in the search bar

  2. Click Search Messages

  3. Check if an alert pops up

  4. Verify execution in system logs

Outcome: ✅ Reflected XSS confirmed


🗃️ Stored XSS

Stored XSS occurs when the payload is saved on the backend, usually in a database, and rendered into the page later. Every visitor who loads that page executes the malicious script, with no link-clicking required.

Example payload:

<script>alert('Stored Meow Meow')</script>

🧪 Testing Stored XSS

  1. Enter the payload in the Message Form

  2. Click Send Message

  3. Reload the page

Outcome: ✅ Stored XSS confirmed


🔒 How to Prevent XSS

Defend against XSS with these best practices:

  1. Avoid dangerous HTML rendering
    Use textContent instead of innerHTML

  2. Protect cookies
    Set attributes: HttpOnly, Secure, SameSite=Strict

  3. Sanitize and encode all user input
    Remove or escape:

    • <script> tags

    • Event handlers (onclick, onload)

    • JavaScript URLs (javascript:)
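The three defences above, shown side by side with the room’s own search payload. This is an added example, not code from the room or from McSkidy’s portal; the function names, the `session` cookie name and the `Results for:` markup are assumptions made for illustration.

```javascript
// Added example, not code from the room or the portal. Function and
// parameter names are assumptions for illustration only.

// Contextual output encoding for the HTML body and attribute contexts.
// Encoding (rather than stripping "<script>") also neutralises event
// handlers and javascript: URLs, because the input can no longer close
// or open a tag or attribute.
function escapeHtml(input) {
  return String(input)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#x27;");
}

// Vulnerable: the search term is concatenated straight into the markup,
// so <script>alert('Reflected Meow Meow')</script> comes back as live HTML
// (reflected XSS).
function renderSearchVulnerable(term) {
  return `<p>Results for: ${term}</p>`;
}

// Fixed: the same page with the term encoded before it reaches the HTML.
function renderSearchSafe(term) {
  return `<p>Results for: ${escapeHtml(term)}</p>`;
}

// Stored XSS has the same root cause at a later point in time: encode on
// output for every stored message, regardless of what was accepted on submit.
function renderMessagesSafe(messages) {
  return messages.map((m) => `<li>${escapeHtml(m)}</li>`).join("");
}

// Browser-side form of "use textContent instead of innerHTML": textContent
// never parses markup, so no script or element nodes are created.
function setSearchResult(element, term) {
  element.textContent = `Results for: ${term}`;
}

// Session cookie flags: HttpOnly keeps document.cookie from reading the value
// even if a script does run; Secure and SameSite=Strict limit where it is sent.
function sessionCookieHeader(sessionId) {
  return `session=${encodeURIComponent(sessionId)}; Path=/; HttpOnly; Secure; SameSite=Strict`;
}

// Constructed sample inputs: the two payloads used in the room.
const REFLECTED_PAYLOAD = "<script>alert('Reflected Meow Meow')</script>";
const STORED_PAYLOAD = "<script>alert('Stored Meow Meow')</script>";
```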


๐Ÿ Wrapping Up

Both Reflected and Stored XSS vulnerabilities were present in McSkidy’s portal — explaining the suspicious activity in the logs. The development team is now patching the site to prevent future attacks.


✅ Answers

Question                                                              Answer
Which XSS attack requires payloads to be persisted on the backend?    Stored
Reflected XSS flag                                                    THM{Evil_Bunny}
Stored XSS flag                                                       THM{Evil_Stored_Egg}
