soXSS challenge
Delivered by terjanq & NDevTK
Can you take up on the yet another challenge and pop out an alert() on so-xss.terjanq.me origin?
The solution:
- The challenge is over! Check out the PoC and the writeup.
- Must work in the latest version of Chrome or Firefox.
- Can't make use of other domains from
*.terjanq.me (including terjanq.me).
- Can't be a self-XSS.
- Must be submitted in a private message to terjanq or NDevTK.
- Must display contents of admin's file, i.e.
alert(_RAW_HTML_CONTENTS_).
- Must not require heavy user interaction (e.g. 2 clicks are acceptable).
- The challenge was patched on 10/22/2021 4pm CEST