TryHackMe: [Day 5] Web Exploitation Pesky Elf Forum

Mac Leo
Mar 29, 2022


  1. What flag did you get when you disabled the plugin?

ANS: THM{NO_MORE_BUTTMAS}

EXPLANATION:

Step 1: Open the link (https://lab_web_url.p.thmlabs.com/) and log in with the username McSkidy and the password password.

Step 2: Go to General, leave a comment, and check whether the input is accepted and reflected back in the page. Then add this payload to the comment box.

<u><h1> XSS PAYLOAD

<script>fetch('/settings?new_password=pass123');</script>

Step 3: Log out and log in with the username grinch. We know the password is pass123, since we added the XSS payload.

Step 4: Go to Settings and click the Disable button to get the flag.
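
Why the steps above work, and what would have stopped them, shown as an added example (not part of the original walkthrough and not the lab's own code): the comment is rendered without output encoding, and the password change is accepted without the current password. All function and field names below are hypothetical, and the sample user is constructed for the example.

```javascript
// Added example; all function and field names here are hypothetical.

// Encode the five HTML-significant characters so a stored comment is rendered
// as text and cannot open a tag or break out of a quoted attribute.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Vulnerable pattern: the comment is concatenated into the page unchanged.
function renderCommentUnsafe(comment) {
  return '<div class="comment">' + comment + '</div>';
}

// Hardened pattern: encode at output time, whatever was stored.
function renderComment(comment) {
  return '<div class="comment">' + escapeHtml(comment) + '</div>';
}

// Hardened password change. A script running in the victim's session can send
// requests with the victim's cookies, but it does not know the current
// password, so that is what the handler demands before changing anything.
function changePassword(req, user) {
  if (req.method !== 'POST') return { status: 405, changed: false };
  const body = req.body || {};
  if (typeof body.new_password !== 'string' || body.new_password.length === 0) {
    return { status: 400, changed: false };
  }
  if (!user.verifyPassword(body.current_password)) return { status: 403, changed: false };
  user.setPassword(body.new_password);
  return { status: 200, changed: true };
}

// Constructed sample data: the comment from Step 2 and an in-memory user whose
// verifyPassword stands in for a real password-hash check.
const sampleComment = "<script>fetch('/settings?new_password=pass123');</script>";
function makeUser(initial) {
  let pw = initial;
  return {
    verifyPassword: (p) => typeof p === 'string' && p === pw,
    setPassword: (p) => { pw = p; },
  };
}
```

With the encoded render the comment shows up as visible text instead of running, and the GET request from Step 2 is rejected before any password is touched.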

*****************THANK YOU****KEEP LEARNING ******************

HOPE THIS WALKTHROUGH HELPS YOU GUYS. IF SO, A LIKE ON THE PAGE WILL BE MUCH APPRECIATED, AND FOLLOW MY PROFILE FOR MORE WRITE-UPS.

*******PEACE*****
