Stocker – HackTheBox Writeup

Machine Name: Stocker
IP: 10.10.11.196
Difficulty: Easy

Summary

Stocker is an easy machine that starts with subdomain enumeration and leads to a NoSQL injection used to bypass a login page. It then challenges us to understand the flow of API calls that generate a PDF, which can be exploited through server-side XSS to read local files on the server. Using that server-side XSS to read the application's source code, we find a user's credentials. Privilege escalation involves abusing sudo rights that allow the user to run JavaScript files as root.
