StoNe- Posted May 17, 2013 (edited)
XSS challenges are in fashion now, so let's get out of the SQLi atmosphere for a while.
Target: Challenge XSS #1
Hint: Ll6SK5ANb6QfDHXbgmWqQfTGDtKlpiu=bfTP0GrxHG6e+GXQSh6YngT8
Send the vector you used by PM + a screenshot.
Good luck!
Solvers:
- yoyois
- Sweby
- StrXt
- danyweb09
- Toshib4
- akkiliON
Edited May 18, 2013 by StoNe-

yoyois Posted May 17, 2013 (edited)
The md5 part was ugly. Anyway, you can look it up with havij.
Done: http://s24.postimg.org/lgfdgv20l/paypal.png
You've got a PM!
PS: too many XSS. Many of them are too simple...
Edited May 17, 2013 by yoyois

Sweby Posted May 17, 2013 (edited)
He got it wrong the first time. He edited it, now it works fine.
Edited May 17, 2013 by Sweby

dancezar (Active Members) Posted May 17, 2013
http://s7.postimg.org/9l4rwh7pl/stone.png
You've got a PM

dekeeu Posted May 17, 2013

akkiliON (Active Members) Posted May 18, 2013

StoNe- (Author) Posted May 20, 2013 (edited)
And the solution, as usual:
The hint given is encrypted in ATOM-128, 3 times, and decrypting it gives the text "$_GET['h']". So we set the GET parameter "h" to continue:
Challenge XSS #1
Next, with this parameter set, the page shows:
$_GET["0344ef225724e63e08ab2896224c6b71"] ||| Mihai Daniel 5
We notice a string of characters encrypted in MD5 [Mihai Daniel 5 (initials) => MD5]. This hash contains the word "celengi", so $_GET['celengi'].
Challenge XSS #1
At this point we can access the actual challenge. It is relatively simple; I wanted to draw attention to the injected part of the code. The most "tricky" part of the challenge (everyone understands what they want by "tricky") is that the words "alert" and "script" were filtered.
One vector, I think the simplest and one that everybody can understand, is:
"><a href=x onmouseover=confirm(2)>XSS</a>
The page stays online, so you can practise your "skills". Good luck!
// Whoever wants the source of the challenge, PM!
Edited May 20, 2013 by StoNe-

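Added example, not part of StoNe-'s post and not the challenge's source: a PHP sketch of why removing the words "alert" and "script" does not neutralise the vector quoted above, shown next to output encoding for the attribute context. The function names, the input field, and the assumption that the value is reflected inside a double-quoted attribute (suggested by the vector's leading ">) are hypothetical.

```php
<?php
// Hypothetical reconstruction for illustration; not the challenge's code.

// Blacklist of the kind the post describes: removes two words, nothing else.
function blacklist_filter(string $input): string
{
    return str_ireplace(['alert', 'script'], '', $input);
}

// Weak: the filtered value is written into the attribute unencoded.
function render_weak(string $input): string
{
    return '<input type="text" name="q" value="' . blacklist_filter($input) . '">';
}

// Hardened: encode for the HTML attribute context, no word list needed.
function render_encoded(string $input): string
{
    $safe = htmlspecialchars($input, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="text" name="q" value="' . $safe . '">';
}

// Parses the markup the way a browser would and lists every event-handler
// attribute (on*) that ended up as live markup.
function audit_handlers(string $html): array
{
    libxml_use_internal_errors(true); // fragments trigger parser warnings
    $doc = new DOMDocument();
    $doc->loadHTML($html, LIBXML_NONET);
    $found = [];
    foreach ($doc->getElementsByTagName('*') as $el) {
        foreach ($el->attributes as $attr) {
            if (stripos($attr->name, 'on') === 0) {
                $found[] = $el->tagName . '[' . $attr->name . ']';
            }
        }
    }
    return $found;
}

// The vector exactly as quoted in the post above.
$vector = '"><a href=x onmouseover=confirm(2)>XSS</a>';

$outputs = ['blacklist' => render_weak($vector), 'encoded' => render_encoded($vector)];
foreach ($outputs as $name => $html) {
    $handlers = audit_handlers($html);
    printf("%-9s handlers: %s\n  %s\n", $name,
        $handlers ? implode(', ', $handlers) : 'none', $html);
}
```

The blacklist output still parses to an extra element carrying an event handler, because neither filtered word appears in the vector; the encoded output parses to the single input element with the whole vector as inert attribute text.
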
Renegade Posted May 21, 2013
@StoNe-: after the "?celengi" step, the page shows "Remove the fucking $_GET".
I went into the cookies with Firebug and found the value "rst", so it becomes:
Challenge XSS #1
Did you intentionally leave this step out when explaining the solution, or ...?

Sega Posted May 21, 2013
@Renegade Doesn't "Remove the fucking $_GET" tell you anything?
What it actually means is: "Remove the fucking $_GET and try on $_POST"
Enjoy.

StoNe- (Author) Posted May 21, 2013
As Sega said, you just had to remove the GET parameters. Anyway, your approach was interesting.