Jump to content
Todo

[XSS] Challenge

Recommended Posts

Posted (edited)

====OPEN====

Target:

[SIZE=3]
[COLOR="#B22222"]
serversfree.com
[/COLOR]
[/SIZE]

Todo:

  • send PM with your attack vector (REQUIRED!);

  • post screenshot as proof (display your nickname in alert message);

  • be quiet;

PoC:

f77252699d9511fbf8bf4917fa13ce7f.png

Solvers:

  • danyweb09

  • xTremeSurfer

  • Renegade

  • ...

Edited by Todo
Posted
Where is the PM, LOL? :)

I don't need to pm you my vector, the proof is the video.

Whole purpose is proving it's legit, providing a video with a stopwatch is just another alternative to sending a pm.

  • Active Members
Posted
I don't need to pm you my vector, the proof is the video.

Whole purpose is proving it's legit, providing a video with a stopwatch is just another alternative to sending a pm.

is in the same place i found-it:)

Posted
I don't need to pm you my vector, the proof is the video.

Whole purpose is proving it's legit, providing a video with a stopwatch is just another alternative to sending a pm.

Don't care about the video! What's the big deal in sending a PM?

Posted

@ToGays

Broski i just don't want to send my vector ;).

Now stop acting stupid and add me to solvers list, it doesn't really matter anyway everyone including you knows i solved it.

  • Active Members
Posted
@ToGays

Broski i just don't want to send my vector ;).

Now stop acting stupid and add me to solvers list, it doesn't really matter anyway everyone including you knows i solved it.

If your xss vector can't bypass xss auditor from chrome with one variable in normal circumstances is unuseless so if you want to participate on a challenge do it write.

Posted
If your xss vector can't bypass xss auditor from chrome with one variable in normal circumstances is unuseless so if you want to participate on a challenge do it write.

Rofl, nothing can bypass chrome with 1 get variable under "normal circumstances" as with any filter nowadays (IE,noscript,chrome).

Anyway it's another method, not public. That vector will be used to solve my level 2 xss challenge i posted ;). So i can't do it "write".

  • Active Members
Posted

Anyway it's another method, not public. That vector will be used to solve my level 2 xss challenge i posted ;)

i solved your challenge's but is not needed to send you my sintax SO ADD ME TO SOLVER LIST.

//I will post the video proff

Posted
i solved your challenge's but is not needed to send you my sintax SO ADD ME TO SOLVER LIST.

//I will post the video proff

Sure go ahead, just make sure you make the video with the stopwatch and censor required areas like i did. I don't have a problem with that ;).

  • Active Members
Posted (edited)
As i thought danyweb09, it can't be faked unless you spend 10000 hours with the best video editor available in today's world, even then it'd look crap.

Anyway a better challenge to this filter would be to execute http://ha.ckers.org/xss.js.

Proof here:

im1chy.png.

Now i dont have time becouse i work on a project.But when i have time i post the proof.

Ps:Can be faked XAMPP(a html file have the javascript xss on it)+hosts and here we go :)

Now stop with the OFF Topic if you want we can talk on PM

xss3.jpg

For me was the same xss just i put src= and done ,sure on write vector

Edited by danyweb09
Posted
Now i dont have time becouse i work on a project.But when i have time i post the proof.

Ps:Can be faked XAMPP(a html file have the javascript xss on it)+hosts and here we go :)

Now stop with the OFF Topic if you want we can talk on PM

xss3.jpg

For me was the same xss just i put src= and done ,sure on write vector

Ok then i'll be waiting for the demonstration of the fake "proof" video.

Until then you can stop all this bullshit.

Posted

@a12345:

Dude, you obviously got pissed off on this, didn't you? You act like google doesn't want to put you on the HOF. There's no need to call anyone "gay" in here. If you need a boyfriend you might as well close this website and surf the net, you'll definitely find something on your taste. Maybe a russian might fit you, "broski". No one is acting stupid, just because you say so, or because you think you're smarter than you are. And maybe I wanna to do what you tell me. Rules are rules, you solve the challenge, you send the PM, I check the vector, you get a place in the list. Simple as pie.

PS: Your ENG is just so bad it hurts my eyes ("..you knows i solved it..").

Posted
@a12345:

Dude, you obviously got pissed off on this, didn't you? You act like google doesn't want to put you on the HOF. There's no need to call anyone "gay" in here. If you need a boyfriend you might as well close this website and surf the net, you'll definitely find something on your taste. Maybe a russian might fit you, "broski". No one is acting stupid, just because you say so, or because you think you're smarter than you are. And maybe I wanna to do what you tell me. Rules are rules, you solve the challenge, you send the PM, I check the vector, you get a place in the list. Simple as pie.

PS: Your ENG is just so bad it hurts my eyes ("..you knows i solved it..").

Rofl, read the whole sentence you fucking retard, it makes perfect sense and there is no grammatical error.

"Everyone here including you, knows i solved it."
Now do you understand or are you still having trouble with that tiny brain of yours? Might want to rethink who's intelligence you're questioning here, LOL!

This is hilarious, you deleted your comment a billion times and you failed to realize how stupid the comment was on the bottom i remember reading this earlier, now it's a whole different bunch of crap.

Bottom line is, video is proof/alternative to pm and i will no longer respond to your retarded comments.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.



×
×
  • Create New...