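Overview
Full Stack Conf is a Web challenge from the HackTheBox CTF platform, available at https://app.hackthebox.com/challenges/full-stack-conf. It tests how well you read the challenge description, and the solution mainly relies on an XSS vulnerability.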
Challenge
Challenge overview
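After starting the challenge instance, you are told to connect to 178.128.162.158:31971. Visiting http://178.128.162.158:31971 brings up the challenge's web interface. Note that the page title is xss.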
The challenge description reads: "Welcome to Full Stack Conf, explore the future of JavaScript with a lineup of industry professionals and discover new techniques to advance your career as a web developer. But be very careful with the stay up to date form, we don't sanitize anything and the admin logs in and checks the emails regularly, don't try anything funny!!"
It mentions JavaScript, says that nothing is sanitized, and says that the admin logs in and checks the emails regularly, so the challenge is testing XSS.
Solution
Enter the simplest XSS payload, <script>alert(1)</script>, in the Email field to get the flag.
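
Why the unsanitized Email field matters and what the fix looks like, as an added example that is not the challenge's own code (its source is not shown here): the function names, the sample submissions and the shape of the admin page that lists submitted addresses are all assumptions.

```javascript
// Added example: hypothetical admin view for the "stay up to date" form.
// Function names and sample data are assumptions, not the challenge's code.

// Constructed sample: one normal subscriber plus the payload from the write-up.
const submissions = ["alice@example.com", "<script>alert(1)</script>"];

// Vulnerable: stored values are concatenated into HTML unchanged, so any
// markup in a submission is parsed by the admin's browser.
function renderAdminListUnsafe(emails) {
  return "<ul>" + emails.map((e) => "<li>" + e + "</li>").join("") + "</ul>";
}

// Encode the five characters that are significant in HTML text and
// quoted attribute values.
function escapeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Hardened output: encode every stored value when it is written into HTML.
// This also neutralises payloads that were stored before the fix.
function renderAdminListSafe(emails) {
  return "<ul>" + emails.map((e) => "<li>" + escapeHtml(e) + "</li>").join("") + "</ul>";
}

// Input check at submission time: a deliberately strict address shape with
// a length cap. Defence in depth only; output encoding is the primary fix.
function isPlausibleEmail(value) {
  return typeof value === "string" && value.length <= 254 &&
    /^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$/.test(value);
}

// Accept a submission into the store only if it passes the input check.
function acceptSubmission(store, value) {
  if (!isPlausibleEmail(value)) return false;
  store.push(value);
  return true;
}

console.log(renderAdminListUnsafe(submissions)); // script tag reaches the page intact
console.log(renderAdminListSafe(submissions));   // script tag is shown as inert text
```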