StoNe- Posted May 17, 2013 (edited)
XSS challenges are in fashion now, so let's get out of the SQLi atmosphere for a bit.
Target: Challenge XSS #1
Hint: Ll6SK5ANb6QfDHXbgmWqQfTGDtKlpiu=bfTP0GrxHG6e+GXQSh6YngT8
Send the vector you used by PM + screenshot.
Good luck!
Solvers:
- yoyois
- Sweby
- StrXt
- danyweb09
- Toshib4
- akkiliON
Edited May 18, 2013 by StoNe-

yoyois Posted May 17, 2013 (edited)
Ugly at the md5 part. Anyway, you can look it up with havij.
Done: http://s24.postimg.org/lgfdgv20l/paypal.png
You've got a PM!
PS: too many XSS. Many of them are too simple...
Edited May 17, 2013 by yoyois

Sweby Posted May 17, 2013 (edited)
He got it wrong the first time. He edited it, now it works fine.
Edited May 17, 2013 by Sweby

dancezar (Active Members) Posted May 17, 2013
http://s7.postimg.org/9l4rwh7pl/stone.png
You've got a PM

StoNe- (Author) Posted May 20, 2013 (edited)
And the solution, as usual:
The hint given is encrypted in ATOM-128, 3 times, and once decrypted it contains the text "$_GET['h']". So we set the GET parameter "h" to continue:
Challenge XSS #1
Next, with this parameter set, the page shows:
$_GET["0344ef225724e63e08ab2896224c6b71"] ||| Mihai Daniel 5
We notice a string encrypted in MD5 [Mihai Daniel 5 (initials) => MD5]. This hash contains the word "celengi", so $_GET['celengi'].
Challenge XSS #1
At this point we can access the challenge proper. It is relatively simple; I wanted to emphasize paying attention to the injected piece of code. The most "tricky" part of the challenge (everyone understands what they want by "tricky") is that the words "alert" and "script" were filtered.
A vector, I think the simplest one and one that everybody can understand, is:
"><a href=x onmouseover=confirm(2)>XSS</a>
The page stays online, so you can keep practicing your "skills". Good luck!
// Whoever wants the challenge source, PM!
Edited May 20, 2013 by StoNe-

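An added example, not part of the original post and not the challenge's own source: it shows why stripping the words "alert" and "script" leaves the vector above intact, next to output encoding that neutralizes it. The functions blacklist_filter, encode_for_html, render and injected_nodes, and the input field used as the sink, are assumptions made for illustration.

```php
<?php
// Constructed reconstruction: the challenge source is not on the page.
// blacklist_filter() is an assumed stand-in for "alert and script were filtered".
function blacklist_filter(string $input): string
{
    return str_ireplace(['alert', 'script'], '', $input);
}

// Hardened output step: encode for HTML, including both quote characters.
function encode_for_html(string $input): string
{
    return htmlspecialchars($input, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Assumed sink: a double-quoted attribute, which the leading "> of the vector implies.
function render(string $value): string
{
    return '<input type="text" name="q" value="' . $value . '">';
}

// Parse the output with PHP's DOM HTML parser and count markup the template never defined.
function injected_nodes(string $html): int
{
    libxml_use_internal_errors(true);      // tolerate non-well-formed HTML
    $doc = new DOMDocument();
    $doc->loadHTML($html);
    $xpath = new DOMXPath($doc);
    return $xpath->query('//a | //*[@onmouseover]')->length;
}

// The vector quoted in the post above.
$vector = '"><a href=x onmouseover=confirm(2)>XSS</a>';

$weak = render(blacklist_filter($vector));
$hardened = render(encode_for_html($vector));

printf("blacklist changed the input: %s\n", blacklist_filter($vector) === $vector ? 'no' : 'yes');
printf("blacklist output, injected nodes: %d\n", injected_nodes($weak));
printf("encoded output,  injected nodes: %d\n", injected_nodes($hardened));
echo $hardened, "\n";
```

The keyword list never matches because the vector relies on an event-handler attribute and confirm(), while the encoded version keeps the quote and angle brackets inside the attribute value as inert text.
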
Renegade Posted May 21, 2013
@StoNe-: after the "?celengi" step, "Remove the fucking $_GET" appears on the page.
I went into the cookies with Firebug and found the value "rst", so it becomes:
Challenge XSS #1
Did you intentionally leave this step out when explaining the solution, or ...?

Sega Posted May 21, 2013
@Renegade Doesn't "Remove the fucking $_GET" tell you anything?
What it actually means is: "Remove the fucking $_GET and try on $_POST"
Enjoy.

StoNe- (Author) Posted May 21, 2013
As Sega said, you only had to remove the GET parameters. Anyway, your approach is interesting.