XSS - Replacing images: JS for Pentesters task 11 write up
Write-up for task 11 of the JS for Pentesters series by SecurityTube: Replacing Images
This is one of the interesting challenges from Pentester Academy, but a very easy one. It resembles what a typical novice does after getting access to a server: the first thing they do is deface it. We are not actually defacing a server, but doing something similar. Let us see the challenge:
JS for Pentesters task 11
The objective of this challenge is to replace the Pentester Academy banner image with a defacement image. Let us see how to solve it. Analyzing the source code shows that there is only one <img> tag in the whole page.
This makes our work much easier. Since there is only one <img> tag, all we have to do is select it and change its src attribute. The payload will look like this:
We created a new variable named script and assigned it the first <img> tag using document.getElementsByTagName(). Then we changed its src attribute to a new URL, which is substituted in place of the original Pentester Academy logo.
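The replacement only works if the browser is allowed to load an image from the new URL. As an added example (not part of the original write-up), this simplified checker shows how a Content-Security-Policy img-src directive decides whether a replaced src would load; the policies, origins and function names are constructed for illustration.

```javascript
// Added example: simplified CSP matcher for images (not a full CSP Level 3
// implementation; source paths are ignored). All values are constructed.
const DEFAULT_PORTS = { 'http:': '80', 'https:': '443' };

// Parse a Content-Security-Policy header into { directive: [sources] }.
function parseCsp(header) {
  const policy = {};
  for (const part of header.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    const key = name.toLowerCase();
    if (key && !(key in policy)) policy[key] = sources; // first occurrence wins
  }
  return policy;
}

// Does a single source expression permit this image URL?
function sourceMatches(source, url, page) {
  const s = source.toLowerCase();
  if (s === "'self'") return url.origin === page.origin;
  if (s.startsWith("'")) return false; // 'none' and other keywords
  if (s === '*') return url.protocol in DEFAULT_PORTS;
  if (/^[a-z][a-z0-9+.-]*:$/.test(s)) return url.protocol === s; // e.g. data:
  const m = s.match(/^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*\.)?([^/:]+)(?::(\d+|\*))?/);
  if (!m) return false;
  const [, scheme, wildcard, host, port] = m;
  // Without a scheme, the page's scheme applies (http may upgrade to https).
  const schemeOk = scheme
    ? url.protocol === scheme + ':'
    : url.protocol === page.protocol ||
      (page.protocol === 'http:' && url.protocol === 'https:');
  const hostOk = wildcard ? url.hostname.endsWith('.' + host) : url.hostname === host;
  const portOk = port === '*' || (port
    ? (url.port || DEFAULT_PORTS[url.protocol]) === port
    : url.port === '');
  return schemeOk && hostOk && portOk;
}

// True if the browser would be allowed to load imageUrl as an <img> on the page.
function imgSrcAllowed(cspHeader, pageOrigin, imageUrl) {
  const policy = parseCsp(cspHeader);
  const sources = policy['img-src'] ?? policy['default-src'];
  if (sources === undefined) return true; // nothing restricts images
  const page = new URL(pageOrigin);
  const url = new URL(imageUrl, page);
  return sources.some((src) => sourceMatches(src, url, page));
}
```

With no img-src or default-src directive, any replaced src loads; with a restrictive one, the image request is blocked even though the injected script still ran.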
We hope that you really liked this challenge. If there is anything you didn't understand or want more clarity on, please leave a comment and we will be more than happy to help. Also, if you find a better way of solving the challenge, please share it with us; we are happy to learn from our readers too. Happy pentesting.