Detect the XSS Vulnerability

Difficulty

  • easy

Average duration

1 hr

Technologies

In this lab, you will take on the role of a security analyst tasked with auditing an online store that appears to function normally. However, unusual behavior has recently been reported when interacting with certain features of the site. It is suspected that there may be an active vulnerability allowing an attacker to manipulate page content.

Your job is to inspect the application with a critical mindset, identify any weak points in user input handling, and determine whether any functionality is exposed to exploitation.

In this lab, you will practice:

  • Identifying abnormal responses in web applications
  • Logical reasoning from a defensive (Blue Team) perspective

🌱 How to start this lab

👉 This challenge uses the same virtual machine as the previous lab: Pwned! - Find the backdoor. If you already downloaded it, there's no need to do it again.

  1. If you don't have it yet, download the virtual machine from this link:
     https://storage.googleapis.com/cybersecurity-machines/web-threats-lab.ova
  2. Import the virtual machine into VirtualBox or VMware.
  3. Start the VM and open the website in your browser:
     http://<ip_machine>/softwarelicenser/
  4. When needed, you can log in using the credentials: student:4geeks-lab.

Your Mission

SoftwareLicenser is a live online store currently under internal review. Some users have reported strange behavior when browsing certain pages or submitting forms. Your mission is to inspect the application as a Blue Team analyst, identify any suspicious interactions, and determine if there's a vulnerable endpoint that allows malicious content injection.

Validation

If you manage to identify the compromised file, you’ll be able to validate it and close the incident — the system will reveal what you're looking for to confirm your findings.

validate-xss

Good luck, Analyst!
