There are a number of links given in the page (4 links to be precise). The objective is to change all the Links on that page to “http://PentesterAcademy.com/topics”. As always, like a Pentester, we should be systematic in trying to attack a target. So first lets us figure out if it is vulnerable to XSS. As always, lets try injecting an alert payload:
As you can see, it will give you a pop up and yea, we have confirmed that the page is vulnerable to XSS. The next thing is to check out the page source code from which we can identify all the link attributes which we should modify. We can see that there are 4 links in total and we need to modify all of them so that it points to “http://pentesteracademy.com/topics”.
As shown in the source code, we have 4 links to modify. To modify an
<a> tag we can use
getElementByTagName("a") and then modify the corresponding href tags to the link that we want. The above command will return a list of all
<a> tags present in the documents. Then we can use
link.href = "URL". Since we have more than 1 link to be changed, we have to use a for loop so that all the links can be modified at once. The entire payload looks like this:
You can copy the entire payload above and try to inject it. This will modify 2 things:
1) It will modify all the URL’s and will point it to “http://pentesteracademy.com/topics”
2) it will change the innerHTML of href tag and modify it to strings like Pentester Academy link 0 , Pentester Academy link 1 etc..
2) The solutions written above is the way we cracked the problem which might be different from the solution videos provided by the SecurityTube. If you need the solution video, you have to subscribe to PentesterAcademy.
We hope that you really liked this challenge. If there is anything you didn’t understand, wanted to get more clarity or if there is a better way to complete this challenge, please comment down and we are more than happy to help. Happy Pentesting..