AttackDefense.com [SXSS] - ApPHP MicroBlog

Mission

A version of ApPHP MicroBlog is vulnerable to stored cross site scripting attack. Your task is to find and exploit this vulnerability. Authenticated access is not required to exploit this vulnerability.

Level difficulty: Easy

Category: Real World Webapps > Stored XSS

Solution

On this challenge, I was again provided with the same version of ApPHP MicroBlog as on the RCE exercise found here.

Therefore, I tried the same password and username (admin && password) as in the RCE challenge on the admin login form.

• http://udxkg51hwj61dpkifm62lkdu9.public2.attackdefenselabs.com/index.php?admin=login

• http://udxkg51hwj61dpkifm62lkdu9.public2.attackdefenselabs.com/index.php

By going to an already posted article, we can observe the presence of a comment module within our blog. In that comment module, I used the following examples of XSS payloads.

• http://udxkg51hwj61dpkifm62lkdu9.public2.attackdefenselabs.com/index.php?page=posts&post_id=69

With a simple refresh I have obtained the following result: