Perfect Shop - OpenECSC 2024

Perfect Shop

March 2024 - filtered and size-limited reflected XSS

“Do you like perfect things? Check out my new online shop!”

Prior knowledge: HTML, JavaScript

Context

The link to the challenge website and its corresponding source code are provided. At first glance, the website may seem a bit overwhelming: it offers various functionalities, which means several endpoints and mechanisms to study in search of vulnerabilities. Fortunately, the code is relatively short and not very verbose, and no file other than server.js contains anything interesting: products.js gathers information about the products, while the various templates seem to only display elements passed by the server. The templates can be kept in mind, but a Server Side Template Injection is ruled out for now. ...

March 27, 2024 · 26 min · 5526 words