Project Sekai - ✅-web-peanut-xss

peanut-xss - 500 points

Category: Web Description: Nutshell is pretty cool. Want to test it out? admin bot: nc peanut-xss-bot.chal.uiuc.tf 1337 Files: No files. Tags: No tags.

Sutx pinned a message to this channel. 06/30/2023 5:15 PM

@jayden wants to collaborate

@Violin wants to collaborate

18:37

@unpickled admin bot wants to collaborate

ok so

19:28

i got xss but

19:29

gotta click on the "nutshell" to trigger

19:29

19:29

<a href='https://www.youtube.com/watch?v=" onload="alert(1)" a="'>:bruh</a>

@DreyAnd wants to collaborate

DOMPurify being used makes me scared (edited)

alright going to sleep back in 3 hours

20:00

gl guys

jayden

<a href='https://www.youtube.com/watch?v=" onload="alert(1)" a="'>:bruh</a>

prob ask strellic how it can be bypassed lmao

get strellic in here

i think he needs to attend ax this weekend so wont be playing

20:19

but you can prob just DM him on this particular issue'

Sutx

Click to see attachment 🖼️

@sahuang can you nc to this? or is it just me its bugging for

yeah i cant either lol

bot is dead yea

ok told admins

20:28

ok its up nc 35.202.14.4 1337

20:29

(the ip url is because admins said dns might be slow but)

20:29

no both are up

ims tupdi asf

jayden

used /ctf solve

✅ Challenge solved.

nice

oh cool

04:11

what was the solution @jayden

<a>:<img src=x onerror='alert(1)'></img></a> lol

damn haha