soXSS challenge
Delivered by terjanq & NDevTK
Can you take on yet another challenge and pop an alert() on the so-xss.terjanq.me origin?
The solution:
- The challenge is over! Check out the PoC and the writeup.
- Must work in the latest version of Chrome or Firefox.
- Can't make use of other domains from *.terjanq.me (including terjanq.me).
- Can't be a self-XSS.
- Must be submitted in a private message to terjanq or NDevTK.
- Must display contents of admin's file, i.e. alert(_RAW_HTML_CONTENTS_).
- Must not require heavy user interaction (e.g. 2 clicks are acceptable).
- The challenge was patched on 10/22/2021 4pm CEST