Siemens Future Minds CTF — Cupcake Magdalena

Cupcake Magdalena was a challenge during Siemens’ Future Minds CTF. It was in the Web category and had the following description:

Solving the challenge

The challenge presented a web page with a form for submitting a review. After a review is submitted, an admin (a bot) opens and reads it, which makes this a stored XSS scenario: whatever is injected into the review runs in the admin's browser. So I tried to inject an XSS payload that reads the admin's session cookie.

The following JavaScript code reads the victim's cookie and sends it via a GET request to a web server that I had set up beforehand to log incoming requests:

To deliver it, I intercepted the request to /api/reviews/add and placed the payload into both the "name" and the "review" parameter:

Finally, I was able to retrieve the flag. Both parameters appear to be vulnerable to XSS, since the flag arrived twice, once from each injected field.


