This module focuses on identifying and exploiting XSS vulnerabilities. Read the instructions and use the skills you have learned in previous modules to solve the task.
XSS in file transmission 2
In this assignment, we exploit an XSS vulnerability in the file upload function and hijack the administrator's session. The objective of the task is to change the administrator's password!
Objective
Compromise Administrator Session
Exercises
Flag
Find the flag from the lab environment and enter it below.
JavaScript code can also be executed in the SVG file format. With the example below, you can execute JavaScript code. Solve the task in the required manner.
<?xml version="1.0" standalone="no"?>
<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//FI" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
<svg version="1.1" baseProfile="full" xmlns="http://www.w3.org/2000/svg">
<polygon id="triangle" points="0,0 0,50 50,0" fill="#009900" stroke="#004400"/>
<script type="text/javascript"> alert(1); </script>
</svg>
Ready to become an ethical hacker?
Start today.
As a member of Hakatemia you get unlimited access to Hakatemia modules, exercises and tools, and you get access to the Hakatemia Discord channel where you can ask for help from both instructors and other Hakatemia members.