XSS - Multilevel XML Parsing: JS for Pentesters task 21 write up
Writeup for task 21 of the JS for Pentesters series by security-tube - Multilevel XML parsing
We have already seen and cracked challenges that deal with multilevel JSON and HTML parsing. Now let us look at the third one: parsing XML.
Our objective in this challenge is to find John’s Secret Questions+Answers using an XSS vulnerability on this page and display the Questions+Answers in the div with id “result”. Before carrying on with the challenge, I strongly recommend you read “Ajax: Parsing and reading XML files” for the basics of how to parse and read an XML file using Ajax.
Since the response we get from the request is in XML format, we use the responseXML property instead of responseText. From an XML document we can take any values we need, just as we would access values in an HTML document. That's why we access the values we need from the XML document using document.getElementsByTagName(), which is usually used to select data from an HTML file.
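The parsing step described above, as an added example that is not part of the original write-up: it reads question/answer pairs out of an XML Document (such as `xhr.responseXML`) with getElementsByTagName() and displays them as plain text. The tag names `question` and `answer`, the function names and the sample XML are assumptions made for illustration.

```javascript
// Added example. Tag names, function names and SAMPLE_XML are assumptions/constructed.
const SAMPLE_XML =
  '<secrets>' +
  '<item><question>First pet?</question><answer>Rex</answer></item>' +
  '<item><question>Birth city?</question><answer>&lt;b&gt;Pune&lt;/b&gt;</answer></item>' +
  '</secrets>';

// xmlDoc is an XML Document: xhr.responseXML in a browser, or DOMParser output.
function extractPairs(xmlDoc, questionTag = 'question', answerTag = 'answer') {
  // responseXML is null when the response could not be parsed as XML,
  // so fail loudly instead of dereferencing null.
  if (!xmlDoc || typeof xmlDoc.getElementsByTagName !== 'function') {
    throw new TypeError('no XML document (check Content-Type and well-formedness)');
  }
  // DOMParser reports malformed XML as a <parsererror> element rather than throwing.
  if (xmlDoc.getElementsByTagName('parsererror').length > 0) {
    throw new SyntaxError('response is not well-formed XML');
  }
  const questions = xmlDoc.getElementsByTagName(questionTag);
  const answers = xmlDoc.getElementsByTagName(answerTag);
  const pairs = [];
  // Pairs by document order; a question with no matching answer gets null.
  for (let i = 0; i < questions.length; i++) {
    pairs.push({
      question: questions[i].textContent.trim(),
      answer: answers[i] ? answers[i].textContent.trim() : null,
    });
  }
  return pairs;
}

// Writes the pairs with textContent, so values taken from the XML are shown
// as plain text and never parsed as HTML (innerHTML would parse them).
function renderPairs(container, pairs) {
  container.textContent = pairs
    .map((p) => `${p.question} = ${p.answer}`)
    .join('\n');
  return container.textContent;
}

// Browser-only demo on the constructed sample; skipped where there is no DOM.
if (typeof DOMParser !== 'undefined' && typeof document !== 'undefined') {
  const doc = new DOMParser().parseFromString(SAMPLE_XML, 'application/xml');
  const target = document.getElementById('result');
  if (target) renderPairs(target, extractPairs(doc));
}
```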
1) While playing with XSS challenges, it is always recommended to use Mozilla Firefox because Google Chrome has inbuilt
We hope that you really liked this challenge. If there is anything you didn’t understand or want more clarity on, please leave a comment and we will be more than happy to help. Also, if you find a better way of solving the challenge, please share it with us; we are happy to learn from our readers too. Happy pentesting.