Preface First of all, thanks to slashroot ctf because without slashroot ctf I might not have been able to provide these challenges through dewaweb.com. Thanks to all player who took the time to try this ‘simple’ challenge. Notes clue “recon, tools, sign-in, submit” This recon is very easy, actually you don’t need to use tools or scanners. There are still many websites that store important things in HTML comments. It clearly shows info that the git repository (/.git/) was …

Background From observing several IT groups that I follow, many people keep asking, Is XSS dangerous?, How to upload a webshell via XSS?, Why is my XSS bug report not responded to? Is it because XSS is not dangerous?, Or maybe because the web admin is already you know what?, More or less those are the questions that come up, let’s discuss together what the characteristics of XSS are, Definition Cross-site scripting is a type of computer security vulnerability typically found in web applications. …