This CTF comes after the previous MMA CTF which got over on 5th September. One of the things that attracted me was that, it included XSS challenges.
Challenge URL : http://xss1.sect.ctf.rocks
The challenge was presented with a text box and we were asked to call
Then, I tried viewing the source code
And I was able to find something written down inside the script tags. Then I understood essentially my target was to by pass the var a=””;. So for that, I tried injecting a payload into the URL which was like
http://xss1.sect.ctf.rocks/?xss=%22;alert(1)//. That threw me an error which said that
dontrunthisscript is not defined. Now the payload became more simple as my requirement was to create a new function and then call
alert(1) inside and eventually got submitted the same URL, got into the index.php page and boom, flag was there!