Can anyone share some hints on the skills assessment for the Server-Side attacks module? I know the attack surface is pretty small, but I can’t for the life of me find an injection point based on the module content.
So I did that common thing where you post a question after hours of frustration and then 20 min later find the answer. In my defense, the solution is very silly and, in my opinion, doesn’t really test you on the module’s content. It feels more like a low grade CTF problem. For anyone else stuck, I would point you to the .js file with the nondescript name. Poke around in that and the flag is a dead giveaway from there.
Haha! If I remember correctly, I had a similar experience.
Thanks, really. I had a feeling this module’s skills assessment would be off and went here after just 20 mins.
Wow… this box is tricky. ‘’-.-‘’
I use common SSTI payloads when I register and login. I post a message and fuzz both tittle and content with payloads but doesn’t inject nothing. Anyone could help? thx
Always analyze HTML for some strange things…
Fuzz the website directories. Check the .js file. Answer is in there.
I agree I felt that challenge didn’t really test any of the learned skills. Strange.