dancezar (Active Members), posted June 12, 2013 (edited):

Difficulty: easy-medium
Target: http://qwerty1234.zz.mu/xss_qwerty.php
Rules: Post a censored image, then send a PM with the solution, and don't give hints.

//edit: it has to work on Chrome
I asked qwerty to upload the script to one of his hosts.

//edit: I forgot the proof
Proof: http://postimg.org/image/fppw21qa5/

Solvers:
- daNNy.bv
- qwerty12 (PM with the correct solution)
- Toshib4
- xTremeSurfer
- Andys
- akkiliON
- TheTime
- yoyois
- Sega

Challenge closed. Congratulations to everyone!

Solution: It comes from $_GET['ceva'], with the vector:
";alert(1);//
or
";alert(1);a="1

Edited June 12, 2013 by danyweb09

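Added example, not part of the thread and not the challenge's own source (which is never shown): the solution above implies that $_GET['ceva'] is echoed inside a double-quoted JavaScript string in an inline script. The sketch below assumes such a template (the variable name `x` and both function names are hypothetical), puts it beside an output-encoded version, and checks whether the strings quoted in the thread stay inside the string literal.

```php
<?php
declare(strict_types=1);

// Assumed reconstruction: the thread only says the value comes from
// $_GET['ceva']; the template and the JS variable name `x` are hypothetical.
function render_vulnerable(string $ceva): string
{
    return '<script>var x = "' . $ceva . '";</script>';
}

// Hardened form: json_encode() emits a complete JS string literal, and the
// JSON_HEX_* flags turn ", ', <, > and & into \uXXXX escapes, so the value can
// neither terminate the string nor close the <script> element.
function render_hardened(string $ceva): string
{
    $flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT
           | JSON_THROW_ON_ERROR;
    return '<script>var x = ' . json_encode($ceva, $flags) . ';</script>';
}

// True when the input survived as data: the output contains exactly one
// </script and the script body is a single double-quoted literal plus ";".
function stays_in_string(string $html): bool
{
    if (substr_count(strtolower($html), '</script') !== 1) {
        return false;
    }
    $pattern = '~^<script>var x = "(?:[^"\\\\]|\\\\.)*";</script>$~s';
    return preg_match($pattern, $html) === 1;
}

// Constructed inputs: one benign value plus the three strings quoted in the thread.
$samples = ['hello', '";alert(1);//', '";alert(1);a="1',
            '</script><script>alert(1)</script>'];
foreach ($samples as $s) {
    printf("%-38s vulnerable_ok=%s hardened_ok=%s\n", $s,
        var_export(stays_in_string(render_vulnerable($s)), true),
        var_export(stays_in_string(render_hardened($s)), true));
}
```

The encoding is applied on the server for the exact output context, so the result does not depend on whether a browser-side filter such as Chrome's XSS auditor recognises the request.
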
daNNy.bv, posted June 12, 2013 (edited):

edit// he specified Chrome later

Edited June 12, 2013 by daNNy.bv

qwerty12, posted June 12, 2013:

[image: qwerty12]

dekeeu, posted June 12, 2013

Andys, posted June 12, 2013

akkiliON (Active Members), posted June 12, 2013:

Thanks!

VaD_SuNeTe, posted June 12, 2013:

Sorry for jumping into the topic so suddenly, but I want to solve the challenge and .. CPU LIMITED EXCEEDED.

TheTime, posted June 12, 2013 (edited):

Thx!

Edited June 12, 2013 by TheTime

yoyois, posted June 12, 2013:

It's nice. But not really ...

[image: Untitled]

Sega, posted June 12, 2013

iRanhackteam, posted June 23, 2013:

http://i.imgur.com/egqJKYB.png

dancezar (Active Members, Author), posted June 23, 2013:

You don't see that the challenge is closed and that I posted the solution. You just use </script><script>alert(1)</script>; it is not working on Chrome.

iRanhackteam, posted June 23, 2013 (edited):

> You don't see that the challenge is closed and that I posted the solution. You just use </script><script>alert(1)</script>; it is not working on Chrome.

So what if the challenge is closed, I fucked your mother. I don't care if it's closed, I'm bored.

Back on topic, nice you monitor inputs LOOOL, there are many ways to achieve it. Anyway, wth? Of course it cannot bypass Chrome, no one here can bypass Chrome, especially you, rofl, with normal non-persistent XSS (1 GET variable).

//Edit
Just re-read your thread, idc if it doesn't work on Chrome. You need to check your security.

~IRAN HACK TEAM!

Edited June 23, 2013 by iRanhackteam

dancezar (Active Members, Author), posted June 24, 2013:

> So what if the challenge is closed, I fucked your mother. I don't care if it's closed, I'm bored.
>
> Back on topic, nice you monitor inputs LOOOL, there are many ways to achieve it. Anyway, wth? Of course it cannot bypass Chrome, no one here can bypass Chrome, especially you, rofl, with normal non-persistent XSS (1 GET variable).
>
> //Edit
> Just re-read your thread, idc if it doesn't work on Chrome. You need to check your security.
>
> ~IRAN HACK TEAM!

[QOUTE]The XSS filter on Chrome only protects against non-persistent and can be truly bypassed when there are 2 GET variables. I've yet to see an XSS vector that works against latest Chrome version with 1 GET variable.

You are Mynikka; because you are banned you make a new account. Anyway, you are retarded. IN SOME SITUATION XSS AUDITOR FROM CHROME IS PASSABLE. So for your knowledge, if the XSS vector is injected in a <script> tag it is 100% passable WITH ONE VARIABLE. Why can anyone who solved this challenge bypass this fucking XSS auditor and you can't? oooooo because we fuck your mother