Jump to content
Todo

[XSS] Challenge

By Todo, in Challenges (CTF)

Recommended Posts

Todo Newbie

Todo

Posted
Posted (edited)

====OPEN====

Target:

[SIZE=3]
[COLOR="#B22222"]
serversfree.com
[/COLOR]
[/SIZE]

Todo:

  • send PM with your attack vector (REQUIRED!);

  • post screenshot as proof (display your nickname in alert message);

  • be quiet;

PoC:

f77252699d9511fbf8bf4917fa13ce7f.png

Solvers:

  • danyweb09

  • xTremeSurfer

  • Renegade

  • ...

Edited by Todo
Link to comment
Share on other sites
  • Active Members
dancezar Newbie

dancezar

Posted
  • Active Members
Posted
@ToGays

Broski i just don't want to send my vector ;).

Now stop acting stupid and add me to solvers list, it doesn't really matter anyway everyone including you knows i solved it.

If your xss vector can't bypass xss auditor from chrome with one variable in normal circumstances is unuseless so if you want to participate on a challenge do it write.

Link to comment
Share on other sites
a1234 Newbie

a1234

Posted
Posted
If your xss vector can't bypass xss auditor from chrome with one variable in normal circumstances is unuseless so if you want to participate on a challenge do it write.

Rofl, nothing can bypass chrome with 1 get variable under "normal circumstances" as with any filter nowadays (IE,noscript,chrome).

Anyway it's another method, not public. That vector will be used to solve my level 2 xss challenge i posted ;). So i can't do it "write".

Link to comment
Share on other sites
  • Active Members
dancezar Newbie

dancezar

Posted
  • Active Members
Posted (edited)
As i thought danyweb09, it can't be faked unless you spend 10000 hours with the best video editor available in today's world, even then it'd look crap.

Anyway a better challenge to this filter would be to execute http://ha.ckers.org/xss.js.

Proof here:

im1chy.png.

Now i dont have time becouse i work on a project.But when i have time i post the proof.

Ps:Can be faked XAMPP(a html file have the javascript xss on it)+hosts and here we go :)

Now stop with the OFF Topic if you want we can talk on PM

xss3.jpg

For me was the same xss just i put src= and done ,sure on write vector

Edited by danyweb09
Link to comment
Share on other sites
a12345 Newbie

a12345

Posted
Posted
Now i dont have time becouse i work on a project.But when i have time i post the proof.

Ps:Can be faked XAMPP(a html file have the javascript xss on it)+hosts and here we go :)

Now stop with the OFF Topic if you want we can talk on PM

xss3.jpg

For me was the same xss just i put src= and done ,sure on write vector

Ok then i'll be waiting for the demonstration of the fake "proof" video.

Until then you can stop all this bullshit.

Link to comment
Share on other sites
Todo Newbie

Todo

Posted
  • Author
Posted

@a12345:

Dude, you obviously got pissed off on this, didn't you? You act like google doesn't want to put you on the HOF. There's no need to call anyone "gay" in here. If you need a boyfriend you might as well close this website and surf the net, you'll definitely find something on your taste. Maybe a russian might fit you, "broski". No one is acting stupid, just because you say so, or because you think you're smarter than you are. And maybe I wanna to do what you tell me. Rules are rules, you solve the challenge, you send the PM, I check the vector, you get a place in the list. Simple as pie.

PS: Your ENG is just so bad it hurts my eyes ("..you knows i solved it..").

Link to comment
Share on other sites
a12345 Newbie

a12345

Posted
Posted
@a12345:

Dude, you obviously got pissed off on this, didn't you? You act like google doesn't want to put you on the HOF. There's no need to call anyone "gay" in here. If you need a boyfriend you might as well close this website and surf the net, you'll definitely find something on your taste. Maybe a russian might fit you, "broski". No one is acting stupid, just because you say so, or because you think you're smarter than you are. And maybe I wanna to do what you tell me. Rules are rules, you solve the challenge, you send the PM, I check the vector, you get a place in the list. Simple as pie.

PS: Your ENG is just so bad it hurts my eyes ("..you knows i solved it..").

Rofl, read the whole sentence you fucking retard, it makes perfect sense and there is no grammatical error.

"Everyone here including you, knows i solved it."
Now do you understand or are you still having trouble with that tiny brain of yours? Might want to rethink who's intelligence you're questioning here, LOL!

This is hilarious, you deleted your comment a billion times and you failed to realize how stupid the comment was on the bottom i remember reading this earlier, now it's a whole different bunch of crap.

Bottom line is, video is proof/alternative to pm and i will no longer respond to your retarded comments.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...