MyClassNotes: Hacker101 CTF: Micro-CMS v1 Part 2

Sunday, June 14, 2020

Hacker101 CTF: Micro-CMS v1 Part 2

Now moving on to the next challenge.

Here we have something to click on :D. First what I did was clicked on all

Testing had some static text, while Markdown Test included one button but nothing was working there. Next, in create page there was some form we can fill up. This looks exciting, because form means we can inject some XSS script. But this needs to be tested, so what I did was, created a page with title "Just for Fun" and description "This text is written just for fun." and the effect was? My text was stored there and home page had indexed my title as well.

This indicates that store-XSS could be possible. So let's create a new page and include XSS thing in the title.

XSS Test<script>alert(1);</script>

The page will be created. Now if you go to your home page Voila! there is a flag.

To get the flag you can also edit the page you created last time to include script like above.

16 comments:

coolbuddyMarch 23, 2021 at 10:56 PM
Thanks for sharing this great content. It is really informative and useful., You can also check this Similar siteiso-lead-auditor-training-in-bangalore
ReplyDelete
Replies
mohamafApril 20, 2021 at 12:51 AM
It is really very helpful for us and I have gathered some important information from this blog. ISO Consultants in Saudi Arabia
ReplyDelete
Replies
PatricaJanuary 18, 2022 at 11:36 PM
Very useful information. Thanks for sharing!
ISO Training Singapore

ReplyDelete
Replies
No NameFebruary 11, 2022 at 8:44 AM
FULLZ AVAILABLE WITH HIGH CREDIT SCORES 700+
(Spammed From Credit Bureau of USA)

=>Contact 24/7<=

Telegram> @killhacks
ICQ> 752822040

FRESHLY SPAMMED
VALID INFO WITH VALID DL EXPIRIES

*All info included*
NAME+SSN+DOB+DL+DL-STATE+ADDRESS
Employee & Bank details included

CC & CVV'S ONLY USA AVAILABLE

$1 for SSN+DOB
$2 for SSN+DOB+DL
$5 for High credit fullz 700+
(bulk order negotiable)
*Payment in all crypto currencies will be accepted

->You can buy few for testing
->Invalid or wrong info will be replaced
->Serious buyers needed for long term

PLEASE DON'T ASK ANYTHING FOR FREE

TOOLS & TUTORIALS AVAILABLE FOR SPAMMING, HACKING & CARDING

(Carding, spamming, hacking, scam page, Cash outs, dumps cash outs)

Ethical Hacking Tools & Tutorials
Kali linux
Facebook & Google hacking
SQL Injector
Bitcoin flasher
Keylogger & Keystroke Logger
Premium Accounts (Netflix, coinbase, FedEx, Pornhub, etc)
Paypal Logins
Bitcoin Cracker
SMTP Linux Root
DUMPS with pins track 1 and 2
Smtp's, Safe Socks, rdp's, VPN, Viruses
Cpanel
Php mailer
Server I.P's & Proxies
HQ Emails Combo

*If you need a valid vendor it's very prime chance, you'll never be disappointed*

CONTACT 24/7
Telegram> @killhacks
ICQ> 752822040
ReplyDelete
Replies
PatricaMarch 14, 2022 at 2:40 AM
Very nice article..
ISO 22000 Certification
ReplyDelete
Replies
UniAthenaMarch 23, 2022 at 12:00 AM
This comment has been removed by the author.
ReplyDelete
Replies
UniAthenaMarch 23, 2022 at 12:02 AM
This comment has been removed by the author.
ReplyDelete
Replies
UniAthenaMarch 23, 2022 at 12:04 AM
Project managers are always in high demand!

What makes a competent project manager more than just technical expertise. No matter what industry you're in, you'll always find projects that challenge you. Keeping up with the competition, here are the 5 essential project management skills managers need to master.

Leadership- All leaders are managers, but not all managers are leaders. Indeed, what counts the most is leadership skills to drive initiatives & achieve project goals .

Project Planning - Gathering information, preparing a schedule, breaking up the project, defining goals, setting timelines, and creating a clear road map.

Problem Solving - It's all about identifying problems while keeping an eye on the details and putting together a plan of action to fix them.

Risk Management - This deals with identifying potential risks during a project and formulating a risk management strategy.

Technical expertise- If you are dealing with projects that require the development of new technologies, technical expertise can be a great advantage.

For those of you looking to kick-start a career in project management or hone your skills, we've got an Executive Diploma in Strategic Project Management
to get you started. Just Log In & Get a free learning access! With UniAthena

ReplyDelete
Replies
AnonymousApril 17, 2022 at 9:11 AM
Myclassnotes: Hacker101 Ctf: Micro-Cms V1 Part 2 >>>>> Download Now

>>>>> Download Full

Myclassnotes: Hacker101 Ctf: Micro-Cms V1 Part 2 >>>>> Download LINK

>>>>> Download Now

Myclassnotes: Hacker101 Ctf: Micro-Cms V1 Part 2 >>>>> Download Full

>>>>> Download LINK mH
ReplyDelete
Replies
ShivainfotechApril 22, 2022 at 2:20 AM
Very interesting facts. thank you for sharing your valuable knowledge.

PDF Signer Software
ReplyDelete
Replies
AnonymousAugust 14, 2022 at 12:47 PM
QUALITY SSN DOB DL HIGH CREDIT SCORES Leads
CC with CVV Fullz (USA, UK, CANADA)
Tutorials & E-Books For Ethical Hacking
Tools For Everything You Need

I'm On Telegram = @killhacks & I C Q = 752822040

Stuff available for
(Spamming, Carding, Ethical Hacking, LINUX, Programming, Scripting, etc. )

Deals in all kind of Tools, Tutorials, E-books, Leads/Fullz/Pros
Availability 24/7
FASTEST DELIVERY

Build Your Own Business with proper guide & Legit Tools
Always glad to serve

GOOD LUCK
Here I'm:
I C Q = 752822040
Tele-gram = @killhacks
ReplyDelete
Replies
BUY SWITCHES AND ROUTERSOctober 20, 2022 at 10:10 AM

Thanks for sharing this valuable resource with us. I'm sure it will be a valuable asset for many people.Also, have a look on these CISCO products:

WS-C3650-24TS-L
WS-C3560-24TS-E
WS-C3560CX-8PC-S
ReplyDelete
Replies
AnonymousFebruary 17, 2023 at 1:23 PM
NAME|SSN|DOB|DL|ADDRESS|EMAIL|PHONENUMBER|WORKHISTORY|ACCOUNTDETAILS
Fresh Fullz & Fresh Spammed

CCNUMBER|MM|YYYY|CVV|NAME|SSN|DOB|ADDRESS|EMAIL|PHONENUMBER
CC fullz with CVV

High Credit Scores Pros 700+
EIN Business Fullz

ICQ 752822040
WA/TG +92 317 272 1122
TG @leadsupplier
Skype/Wickr @peeterhacks

Spamming All fresh Tools & Tutorials
Hacking Stuff
Carding Methods & Cashout Methods
Loan Methods
SMTP's/RDP's/SHELLS/Brutes/C-panels
Key-Loggers/Kali-Linux Full Package
Courses for D**K/D**P Web
SQLi Injector
Combos/I.P's/Proxies
Logs/HQ Emails

ICQ/TG @killhacks
WA +92 317 272 1122
exploit.tools4u at gmail dot com
ReplyDelete
Replies
Data WizardFebruary 21, 2025 at 9:16 AM
Buy Fullz, Leads, Database
Get Highly Exclusive, Freshly Spammed, Legit Leads
Verified and Updated 2025

Stuff Listed Below
============================
+USA SSN DL front back with Selfie
+Passport Photos
+USA SSN INFO
+Canada SIN
+UK NIN
+UK Fullz
+USA Fullz
+Canada Fullz
+Business owner leads
+Payday loan leads
+Sweepstakes & gambling Leads
+Casinos database
+Home owners leads
+Employee leads
+USA Bank leads
+Personal detail info
+Email combos
+Mortgage leads
+Crypto database
+Forex database
+Stock Market Trader leads
+Education Leads
+Auto insurance Leads
+Phone Number & Email leads
and many other stuff

All info provided are valid, fresh and not sold before
Replacement for any wrong and invalid info
You can buy a few for testing
Stuff will be delivered after payment proof
Payment only in crypto
Available 24/7
Contact us for the deals & discounts
==============================
Whats App : +1..605..846..1870
TG : @ Lead_pro20
Email : datastreemer (at the rate) gmail (dot) com
Contact us and make good money
ReplyDelete
Replies