Skill Assessment - Injection Attacks

Hello,

Since I can’t find a thread I will open a new one.
Wondering if anyone succeeded with the Injection Attacks Skill assessment (the newest module from Senior Web Pentester) to get the hidden flag?
Any hint would be appreciated.

Cheers!

How far have you reached in the exploitation phase?
Would like to know this to know where I can nudge you.
Make sure you don’t reveal any spoilers.

Anyone solve this yet? Is it just a matter of reading a file or is there more to it (RCE for example)?

I can interact with the internal API but am having issues with injecting anything further. Any guidance would be appreciated.

Yes same here. I can get the internal site and know the structure of things (I think I can even dump the whole content, which probably contains the flag), but the item that is output is too small to show all the information and I’m struggling to selectively exfiltrate stuff.

DM if you need a nudge

From what I gather, the vuln is: SSRF in the Description field of the POST via an iframe. Is that correct?
I tried a bunch of the 127.0.0.1/api/whatevers but at this point I’m just guessing. A nudge would be quite helpful!

Edit: It appears I was way off. It looks like JavaScript is being run in the Description field. If so I still can’t find where the flag resides.

You might need to use some of the X***H commands to filter out the data you need…

DM if you need a hint