From 429505c937c15d1d2de0826eefec68c6916beccd Mon Sep 17 00:00:00 2001 From: Martin Mihalek Date: Sun, 15 Oct 2023 10:44:48 +0200 Subject: [PATCH] Add flu.xxx-23 - Awesomenotes_I writeup --- flu.xxx-23/Awesomenotes_I/README.md | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/flu.xxx-23/Awesomenotes_I/README.md b/flu.xxx-23/Awesomenotes_I/README.md index e62e3c0..e711c18 100644 --- a/flu.xxx-23/Awesomenotes_I/README.md +++ b/flu.xxx-23/Awesomenotes_I/README.md @@ -10,9 +10,21 @@ We're excited to announce our new, revolutionary product: A note-taking app. Thi #### Solution: -```bash +- poking around reveals that the `htmx` is used for fetching of data and also is whitelisted thus we can exploit it for XSS +```html +
``` +- report above note for `admin` inspection and profit + ---
FLAG:
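Review bot: the ```html block added in this hunk is empty (the opening `+```html +` fence is followed directly by the closing fence), so the writeup names `htmx` as the XSS vector but never shows the payload that was actually submitted as the note; please add the note body (the element carrying the htmx attribute that triggered the request when the admin viewed it) and one sentence on why that attribute survived the whitelist, otherwise the "report above note" step has nothing to point at. The bullet before the fence is also a run-on; something like "poking around reveals that `htmx` is used to fetch data and is whitelisted, so its attributes can be used for XSS" reads better. The trailing `FLAG:` line is left empty in the hunk; either fill in the flag or drop the line.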