Skip to main content
Solved

Question of the day 12/09, Cybersecurity Edition

marcofabbri
Forum|alt.badge.img+13

Day 10

You are moderator of a Wordpress site. It’s monday morning and you had already a cup of coffee. While checking comments on site posted in the previous weekend, you found a plaintext transformed code.

<img src=x onerror="alert(1)" />

What type of attack was tried to check?

  • Path traversal
  • Banner grabbing
  • Subdomain scanning
  • Cross-site scripting
  • SOAP api

Best answer by mkevenaar

Cross site scripting 

View original
Backups are like pizza, I love them. | Linkedin: @marco-fabbri-it
MicoolPaul
BertrandFR
Stabz
6 people like this
  • MicoolPaul
    MicoolPaul
  • BertrandFR
    BertrandFR
  • Stabz
    Stabz
  • marcofabbri
    marcofabbri
  • Madi.Cristil
    Madi.Cristil
  • April M
    April M
Did this topic help you find an answer to your question?

7 comments

mkevenaar
Forum|alt.badge.img+15
  • mkevenaar
  • Veeam Vanguard
  • 149 comments
  • Answer
  • September 12, 2022

Cross site scripting 

Maurice Kevenaar |Veeam Vanguard 2020-2024 | Veeam Legend 2023-2024 | Twitter: @mkevenaar | Mastodon: @mkevenaar@masto.nu - https://masto.nu/@mkevenaar | Blog: https://kevenaar.name | Join the Veeam Community Hackathon: https://veeamhackathon.com/sign-up
mkevenaar
Chris.Childerhose
wolff.mateus
4 people like this
  • mkevenaar
    mkevenaar
  • Chris.Childerhose
    Chris.Childerhose
  • wolff.mateus
    wolff.mateus
  • marcofabbri
    marcofabbri
dips
Forum|alt.badge.img+7
  • dips
  • Veeam Legend
  • 808 comments
  • September 12, 2022

Cross-site scripting

Dipen N. K. | IT Security Specialist | Veeam Legend 2022 - 2025 | Cyber Security Space VUG Leader
Chris.Childerhose
dips
Link State
5 people like this
  • Chris.Childerhose
    Chris.Childerhose
  • dips
    dips
  • Link State
    Link State
  • wolff.mateus
    wolff.mateus
  • marcofabbri
    marcofabbri
JMeixner
Forum|alt.badge.img+17
  • JMeixner
  • On the path to Greatness
  • 2650 comments
  • September 12, 2022

Cross-site scripting  😎

Jochen (Joe) Meixner | Veeam Vanguard 2024 | Veeam Legend 2021 - 2024 | Veeam Certified Architect (VMCA) | Twitter: @JoMeix | BlueSky: @jmeixner.bsky.social
Chris.Childerhose
Link State
wolff.mateus
4 people like this
  • Chris.Childerhose
    Chris.Childerhose
  • Link State
    Link State
  • wolff.mateus
    wolff.mateus
  • marcofabbri
    marcofabbri
Chris.Childerhose
Forum|alt.badge.img+21
  • Chris.Childerhose
  • Veeam Legend, Veeam Vanguard
  • 8512 comments
  • September 12, 2022

Cross-site scripting

Chris Childerhose - VMCA2024 | VMCE2023 | VMCE-SP2024 | Veeam Vanguard 8* | Veeam Legend 5* | vExpert 6* | VCAP-DCV/VCP-DCV | Object First Ace | Cisco Champion | Twitter: @cchilderhose | Blog Site – https://just-virtualization.tech
Chris.Childerhose
wolff.mateus
marcofabbri
3 people like this
  • Chris.Childerhose
    Chris.Childerhose
  • wolff.mateus
    wolff.mateus
  • marcofabbri
    marcofabbri
wolff.mateus
Forum|alt.badge.img+11
  • wolff.mateus
  • Veeam Vanguard
  • 542 comments
  • September 12, 2022

It sounds like CSS (Cross-site scripting) attack.

IT Lover | Veeam Vanguard | VUG Leader | Blogger
Chris.Childerhose
wolff.mateus
marcofabbri
3 people like this
  • Chris.Childerhose
    Chris.Childerhose
  • wolff.mateus
    wolff.mateus
  • marcofabbri
    marcofabbri
marcofabbri
Forum|alt.badge.img+13
  • marcofabbri
  • Author
  • On the path to Greatness
  • 990 comments
  • September 13, 2022

XSS was the correct answer: XSS attacks enable attackers to inject client-side scripts into web pages viewed by other users (stored xss) or by attacker itself (reflecterd XSS)

Backups are like pizza, I love them. | Linkedin: @marco-fabbri-it
mkevenaar
Chris.Childerhose
wolff.mateus
4 people like this
  • mkevenaar
    mkevenaar
  • Chris.Childerhose
    Chris.Childerhose
  • wolff.mateus
    wolff.mateus
  • marcofabbri
    marcofabbri
mkevenaar
Forum|alt.badge.img+15
  • mkevenaar
  • Veeam Vanguard
  • 149 comments
  • September 21, 2022

I just found a real life example on this community:

 


I already reported this user to @Madi.Cristil 

Maurice Kevenaar |Veeam Vanguard 2020-2024 | Veeam Legend 2023-2024 | Twitter: @mkevenaar | Mastodon: @mkevenaar@masto.nu - https://masto.nu/@mkevenaar | Blog: https://kevenaar.name | Join the Veeam Community Hackathon: https://veeamhackathon.com/sign-up
Chris.Childerhose
Madi.Cristil
2 people like this
  • Chris.Childerhose
    Chris.Childerhose
  • Madi.Cristil
    Madi.Cristil

Comment


Terms & Conditions