web, medium

Theme Editor (Редактор тем) - Duckerz CTF

duckerz

Task: CSS theme editor with URL-based config sharing. Solution: Reflected XSS via innerHTML injection in borderWidth parameter, bypassing client-side validation to steal admin cookies through Telegram bot trigger.

$ ls tags/ techniques/
innerHTML_injection  base64_url_parameter  cookie_exfiltration  telegram_bot_trigger
