What can I do with an unsanitised form?

I’m completing a CTF (my first CTF really) and have become a bit stuck. Here’s what I’ve done so far:

An nmap scan identified that ports 80 and 5000 are open. A browser on port 80 gives me a generic nginx landing page; on port 5000 I get a “leave me a message” page. It’s the generic “you type a message, you can see a list of sent messages” thing which I’ve seen in a few other CTFs.

The page asks for a name and a message to be left, and I found out that it does not sanitise either input. So I can enter HTML and JavaScript, and was able to do the simple <script>alert('xss') </script> to verify that I can indeed do something here. But I don’t really know where to go with this next.

I’ve tried DirBuster to enumerate directories and had no luck. I’m looking for 3 flags; so far I haven’t found anything, and I’m reasonably sure I’m supposed to exploit this webpage to keep going as there isn’t an awful lot else available. Any suggestions, links to resources, etc. would be greatly appreciated.

submitted by /u/Acselerator02

January 9, 2020

How to Change WordPress Admin URL to Prevent Brute Force Attacks?

If your WordPress site hasn’t been hit by a brute force attack yet, consider yourself lucky. A brute force attack is a persistent attempt by an attacker to break into your WordPress dashboard and take control of it. The attacker tries many combinations of usernames and passwords, by guesswork or with bots, hoping one of them lets them in. Since we all know the URL to log into the WordPress admin…

January 9, 2020

Welcome To Walmart. The Robot Will Grab Your Groceries.

Walmart is testing back-of-store automated systems that can collect 800 products an hour, 10 times as many as a store worker. From a report: In the backroom of a Walmart store in Salem, N.H., is a floor-to-ceiling robotic system that the country’s largest retailer hopes will help it sell more groceries online. Workers stand on platforms in front of screens assembling online orders of milk, cereal and toilet paper from…

January 9, 2020