Active Members dancezar Posted June 12, 2013 Active Members Report Posted June 12, 2013 (edited) Dificultate:easy-mediuTarget:http://qwerty1234.zz.mu/xss_qwerty.phpReguli: Postati o imagine cenzurata apoi trimiteti pm cu rezolvareaA si nu dati hinturi.//edit sa mearga pe chromeL-am rugat pe qwerty sa urce scriptul pe un host de al lui.//edit am uitat proofProof:http://postimg.org/image/fppw21qa5/Sovers:-daNNy.bv-qwerty12 (pm cu rezolvarea corecta)-Toshib4 -xTremeSurfer -Andys-akkiliON -TheTime-yoyois-SegaChallenge Closed.Felicitari tuturor!Rezolvare:Este din $_GET['ceva'] cu vectorul:";alert(1);// sau ";alert(1);a="1 Edited June 12, 2013 by danyweb09 Quote
daNNy.bv Posted June 12, 2013 Report Posted June 12, 2013 (edited) edit//a precizat chrome mai tarziu Edited June 12, 2013 by daNNy.bv Quote
Active Members akkiliON Posted June 12, 2013 Active Members Report Posted June 12, 2013 Thanks ! Quote
VaD_SuNeTe Posted June 12, 2013 Report Posted June 12, 2013 Scuze ca ma bag in topic asa de odata, dar vreau sa rezolv challange-ul si .. CPU LIMITED EXCEEDED. Quote
TheTime Posted June 12, 2013 Report Posted June 12, 2013 (edited) Thx! Edited June 12, 2013 by TheTime Quote
yoyois Posted June 12, 2013 Report Posted June 12, 2013 E frumos Dar nu prea ...View image: Untitled Quote
Active Members dancezar Posted June 23, 2013 Author Active Members Report Posted June 23, 2013 you dont see the challenge is closed and the i posted the solving.You just use </script><script>alert(1)</script> is not working on chrome Quote
iRanhackteam Posted June 23, 2013 Report Posted June 23, 2013 (edited) you dont see the challenge is closed and the i posted the solving.You just use </script><script>alert(1)</script> is not working on chromeSo what if the challenge is closed, i fucked your mother.I don't care if it's closed, i'm bored.Back on topic, nice you monitor inputs LOOOL, there are many ways to achieve it, anyway , wth? of course it cannot bypass chrome, no one here can bypass chrome especially you rofl with normal non-persistent xss (1 get variable).//EditJust re-read your thread, idc if it doesn't work on chrome.You need to check your security.~IRAN HACK TEAM! Edited June 23, 2013 by iRanhackteam Quote
Active Members dancezar Posted June 24, 2013 Author Active Members Report Posted June 24, 2013 So what if the challenge is closed, i fucked your mother.I don't care if it's closed, i'm bored.Back on topic, nice you monitor inputs LOOOL, there are many ways to achieve it, anyway , wth? of course it cannot bypass chrome, no one here can bypass chrome especially you rofl with normal non-persistent xss (1 get variable).//EditJust re-read your thread, idc if it doesn't work on chrome.You need to check your security.~IRAN HACK TEAM! [QOUTE]The xss filter on chrome only protects against non-persistent and can be truly bypassed when there are 2 get variables.I've yet to see an xss vector that works against latest chrome version with 1 get variable.you are Mynikka becouse you are banned you make a new account.anyway You are retarded IN SOME SITUATION XSS AUDIOR FROM CHROME IS PASSABLE.So for your knowledge if the xss vector is injected in a <script> tag is 100% passable WITH ONE VARIABLE.Why anywone who solved this challenge can bypass this fucking xss auditor and you cant oooooo becouse we fuck your mother Quote
