Jump to content
dancezar

XSS challenge

Recommended Posts

  • Active Members
Posted (edited)

Dificultate:easy-mediu

Target:http://qwerty1234.zz.mu/xss_qwerty.php

Reguli: Postati o imagine cenzurata apoi trimiteti pm cu rezolvarea

A si nu dati hinturi.

//edit sa mearga pe chrome

L-am rugat pe qwerty sa urce scriptul pe un host de al lui.

//edit am uitat proof

Proof:http://postimg.org/image/fppw21qa5/

Sovers:

-daNNy.bv

-qwerty12 (pm cu rezolvarea corecta)

-Toshib4

-xTremeSurfer

-Andys

-akkiliON

-TheTime

-yoyois

-Sega

Challenge Closed.

Felicitari tuturor!

Rezolvare:

Este din $_GET['ceva'] cu vectorul:";alert(1);// sau ";alert(1);a="1

Edited by danyweb09
Posted (edited)
you dont see the challenge is closed and the i posted the solving.You just use </script><script>alert(1)</script> is not working on chrome

So what if the challenge is closed, i fucked your mother.

I don't care if it's closed, i'm bored.

Back on topic, nice you monitor inputs LOOOL, there are many ways to achieve it, anyway , wth? of course it cannot bypass chrome, no one here can bypass chrome especially you rofl with normal non-persistent xss (1 get variable).

//Edit

Just re-read your thread, idc if it doesn't work on chrome.

You need to check your security.

~IRAN HACK TEAM!

Edited by iRanhackteam
  • Active Members
Posted
So what if the challenge is closed, i fucked your mother.

I don't care if it's closed, i'm bored.

Back on topic, nice you monitor inputs LOOOL, there are many ways to achieve it, anyway , wth? of course it cannot bypass chrome, no one here can bypass chrome especially you rofl with normal non-persistent xss (1 get variable).

//Edit

Just re-read your thread, idc if it doesn't work on chrome.

You need to check your security.

~IRAN HACK TEAM!

[QOUTE]The xss filter on chrome only protects against non-persistent and can be truly bypassed when there are 2 get variables.

I've yet to see an xss vector that works against latest chrome version with 1 get variable.

you are Mynikka becouse you are banned you make a new account.anyway You are retarded IN SOME SITUATION XSS AUDIOR FROM CHROME IS PASSABLE.So for your knowledge if the xss vector is injected in a <script> tag is 100% passable WITH ONE VARIABLE.Why anywone who solved this challenge can bypass this fucking xss auditor and you cant oooooo becouse we fuck your mother

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.



×
×
  • Create New...