VCS Passport Blue Team
  • VCS Passport 2024 : Blue Team
  • Server-Side Vulnerabilities
    • SQL Injection Writeup
    • Authentication Writeup
    • Access Control Writeup
    • Command Injection Writeup
    • Path Traversal Writeup
    • File Upload Vulnerabilities Writeup
    • Information Disclosure Writeup
  • Client-Side Vulnerabilities
    • Cross-site Scripting Writeup
  • Advanced Web Vulnerabilities
    • Insecure Deserialization Writeup
  • Code Punching
    • Bá
    • Đạt
    • Hải
    • Khiêm
    • Quân
    • Nam
  • Programing
    • Keylogger
    • Reverse Shell
    • Process Injection
    • Basic Process, Thread, HANDLE
    • Hook
  • LINUX PROGRAMING
    • Linux Internal
    • Keylogger & Ransomware
    • Hook & Inject
  • MALWARE ANALYSIS
    • Unpack
    • Finding Threat (Lab 21 - 24)
    • Malware Analysis
    • Finding Threat (Lab 01 - 20)
  • OJT
    • Cobalt Strike Lab
    • Shell
    • TTGS CTF
    • VCS Blue CTF Season 2
    • Process and Thread
    • Service
    • COM Hijack
    • OSCP
    • Active Directory
    • Log
    • Log Windows
    • Browser-C2
    • DllSideload
    • Purple Lab
  • Forensic Class HaiNH45
    • Week 1
    • Week 2
    • Week 3
Powered by GitBook
On this page
  • Các vuln tìm được:
  • 1. Cross-site scripting (XSS)
  • 1.1 api/send_message
  1. Code Punching

Khiêm

PreviousHảiNextQuân

Last updated 1 year ago

Các vuln tìm được:

1. Cross-site scripting (XSS)

1.1 api/send_message

Description:

Tham số username trong URL bị dính XSS

Reproduce:

Login -> Messages -> Message cho user bất kì

Request thu được như sau:

Sửa tham số username