[http://ctf.infosecinstitute.com/] Level1 writeup
Link to the CTF challenge: ctf.infosecinstitute.com/ctf2/

This challenge is basically about JavaScript and how to use the JavaScript debugger. I found a really useful tutorial about it here: http://meeech.amihod.com/getting-started-with-javascript-debugging-in-chrome/

Let's open its source; clearly we can bypass the first layer of validation by editing the HTML. Now we can input whatever we want into the name and URL fields. Let's inject some JavaScript into the name field:

<script>alert('Ex1')</script>
http://www.google.com

After adding the code ... nothing happens. There is a second layer of protection which escapes our '<' and '>' characters into '&lt;' and '&gt;'. Looking at the JavaScript code:

var siteName = $(".ex1 input[type='text']").val().trim().replace(/</g, "&lt;").replace(/>/g, ...
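
The first layer falls to an HTML edit because it runs in the browser, so the same rules have to be enforced again on the server, with encoding applied at output. The following is an added example, not code from the challenge or from this writeup; the field rules and the names `escapeHtml`, `validateSubmission` and `renderEntry` are assumptions made for illustration.

```javascript
// Added example: server-side re-check of the name and URL fields (Node.js).
// The rules below are assumed for illustration, not the challenge's own.

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode every character that can change the HTML parsing context.
// A single pass avoids re-escaping the '&' produced by an earlier replacement.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Assumed rule: 1-50 letters, digits, spaces, '.', '_' or '-'.
const NAME_RULE = /^[A-Za-z0-9 ._-]{1,50}$/;

// Re-validate on the server; anything checked only in the page's HTML or
// JavaScript can be removed by whoever controls the browser.
function validateSubmission(name, url) {
  const errors = [];
  if (typeof name !== 'string' || !NAME_RULE.test(name.trim())) {
    errors.push('name');
  }
  let parsed = null;
  try {
    parsed = new URL(String(url).trim());
  } catch (e) {
    // Unparseable input is reported as a URL error below.
  }
  // Assumed rule: only http and https links are accepted.
  if (!parsed || (parsed.protocol !== 'http:' && parsed.protocol !== 'https:')) {
    errors.push('url');
  }
  return { ok: errors.length === 0, errors };
}

// Render only validated input, and still encode both values at output.
function renderEntry(name, url) {
  if (!validateSubmission(name, url).ok) return null;
  const href = new URL(url.trim()).href;
  return '<a href="' + escapeHtml(href) + '">' + escapeHtml(name.trim()) + '</a>';
}
```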