Web - Client - CSP Bypass - Nonce 2
Hello everyone,
I can’t seem to find a solution to this challenge. I’m stuck at finding an XSS in the first place (= I can’t get the site to execute an `alert`). I understand why I can’t directly inject a `script` tag: because the browser simply doesn’t interpret `script` tags when they are dynamically created (via `innerHTML`). OK, so as an alternative approach, I tried it with the inline event handler: `img src="x" onerror="alert(1);"`, but that doesn’t work either, now because it is blocked by the CSP directive "script-src 'nonce-...'", as the DevTools console tells me.
Can someone give me a hint in the right direction? I understand what a script nonce is (a random value unique to every HTTP request) and how it works, but... am I supposed to somehow "crack the nonce" and find a pattern in it (unlikely), or is there any other way I can bypass the `script-src 'nonce-...'` directive? Or should I focus less on this directive and more on weak or missing directives?
Web - Client - CSP Bypass - Nonce 2
OK, solved it. I’ll answer myself for anyone who comes across this in the future: "Yes" to my last question. There is even a tool on the web that checks CSP headers and tells you about possible weaknesses. Furthermore, if you’re irritated (like I was) about the fact that your payload is reflected on the page via JS (client-side, not server-side), look up "DOM-based XSS".
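Added example, not part of the thread: a minimal sketch of the kind of check a CSP-auditing tool performs on a nonce-based policy, flagging weak or missing directives. The function names and both sample policies are constructed for illustration and are not the challenge's policy.

```javascript
// Added example (not from the thread). Both policies are constructed samples.
const WEAK_POLICY = "script-src 'nonce-Q09OU1RSVUNURUQ='; style-src 'self'";
const HARDENED_POLICY = "default-src 'none'; script-src 'nonce-Q09OU1RSVUNURUQ='; " +
  "style-src 'self'; base-uri 'none'; object-src 'none'";

// Parse a Content-Security-Policy header value into Map(directive -> sources).
// Sources are lower-cased for keyword matching only (nonce values are not reused).
function parseCsp(header) {
  const policy = new Map();
  for (const part of header.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/).filter(Boolean);
    // A repeated directive is ignored by browsers: the first occurrence wins.
    if (name && !policy.has(name.toLowerCase())) {
      policy.set(name.toLowerCase(), sources.map((s) => s.toLowerCase()));
    }
  }
  return policy;
}

// Return findings for directives that weaken a nonce-based policy.
function auditCsp(header) {
  const policy = parseCsp(header);
  const findings = [];
  const flag = (directive, issue) => findings.push({ directive, issue });
  // script-src and object-src fall back to default-src; base-uri does not.
  const effective = (d) => policy.get(d) ?? policy.get('default-src');

  const script = effective('script-src');
  if (!script) {
    flag('script-src', 'no script-src or default-src: scripts are unrestricted');
  } else {
    const nonceOrHash = script.some((s) => /^'(nonce|sha(256|384|512))-[^']+'$/.test(s));
    if (script.includes("'unsafe-inline'") && !nonceOrHash) {
      flag('script-src', "'unsafe-inline' allows inline scripts and event handlers");
    }
    if (script.includes("'unsafe-eval'")) flag('script-src', "'unsafe-eval' allows eval()");
    const broad = script.filter((s) => ['*', 'http:', 'https:', 'data:'].includes(s));
    if (broad.length && !script.includes("'strict-dynamic'")) {
      flag('script-src', `broad sources allow third-party scripts: ${broad.join(' ')}`);
    }
  }
  if (!effective('object-src')) flag('object-src', 'missing: plugin content is unrestricted');
  if (!policy.has('base-uri')) {
    flag('base-uri', 'missing: no default-src fallback, so <base> is unrestricted');
  }
  return findings;
}

console.log(auditCsp(WEAK_POLICY));
```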
Web - Client - CSP Bypass - Nonce 2
Hi
I am stuck on this challenge... I injected code successfully, I get a response and everything. I just don’t know what to look for. I can get some cookies but they don’t seem to be useful. So I am very stuck.
Can anyone help me pls?
thanks in advance :)
Web - Client - CSP Bypass - Nonce 2
Any hint for the team please?