Solution for “A Weird XSS Case”

This challenge was created for BSidesDublin 2019. The goal was to trigger an alert using an XSS on the domain https://bsides2019dublin.h4cktheplanet.com/.

Nobody was able to solve it during the event, so we decided to keep it online for an extra week to let you play with it.

3 people managed to solve it during this extra time:

Here is the full solution.

The website is a single HTML file asking for a username.

When you submit a username, some checks are made and a message tells you whether the submitted username is l33t or not.

Let’s take a look at the JavaScript code.
