[HARD] Xss challenge

dancezar · November 28, 2013

Target : hxxp://www.musicsrc.com/search.php?query=

Reguli :

-Injectati vectorul xss numai in linkul indicat alta locatie nu este permisa

-Trimiteti sintaxa prin PM

-Nu divulgati rezolvarea

Proof:

http://s7.postimg.org/w65m8ip63/xss_challenge.png

Solveri:

-Toshib4

-askwrite

-

Edited December 6, 2013 by danyweb09

dekeeu · November 28, 2013

+PM.

dustfeather · November 28, 2013

La 1h distanta cineva a rezolvat challenge-ul ... de ce e "[HARD]" ?

dancezar · November 29, 2013

Am cam exagerat este cam de Mediu spre HARD , Toshib4 l-a rezolvat in timpul asta pentru ca este priceput(apropo bravo:D)

//am editat titlul

El_Strong · December 5, 2013

@danyweb09Coi

This challenge is very easy, i really don't see why you describe this as "HARD", try my level 1 xss challenge here:http://12342.site11.com/level1.php?a=. That is a hard challenge.

Here are challenges i made from your challenge:

I completed the challenge without user interaction on IE 10 (xss filter=enabled).

I also completed the challenge bypassing IE 10's xss filter, chrome's webkit xss auditor and i have it working on the following browsers:Opera,firefox,chrome,internet explorer.

I'll post the challenge soon .

Edited December 5, 2013 by El_Strong

El_Strong · December 5, 2013

Here:https://rstforums.com/forum/78344-hard-xss-challenge.rst.

Good luck, you'll need it.

Strongboi_2 · December 8, 2013

Vector:

' onmouseover=alert(/Strongboi/) '

Encoded:

' onmouseover=alert%26%2340%3b/Strongboi/%26%2341%3b '.

Real challenge for everyone else (bypass chrome's xss filter and IE's xss filter and make it work on both browsers without user interaction).

dancezar · December 8, 2013

MusicSRC.com | \' Onerror =alert(1) Asd= Artists & Albums'

Why your fucking bypass shit is so challenging?

Haxoru puli care te crezi tu

Strongboi_2 · December 8, 2013

MusicSRC.com | \' Onerror =alert(1) Asd= Artists & Albums'
Why your fucking bypass shit is so challenging?
Haxoru puli care te crezi tu

After 3 days, you still failed. Also, that doesn't work on chrome LOL!.

dancezar · December 8, 2013

After 3 days, you still failed. Also, that doesn't work on chrome LOL!.

after one minute,and you are still stupid View image: asda

//este si ultima versiune de chrome

Edited December 8, 2013 by danyweb09

Strongboi_2 · December 8, 2013

after one minute,and you are still stupid View image: asda
//este si ultima versiune de chrome

After 3 days, you finally added the single quote at the end to make it work (you're a quick editor).

Anyway, it's always a pleasure to challenge you by making a challenge from your lame ass challenges.

dancezar · December 8, 2013

3 days to add a fucking (?

the single quote was there but you are blind.

Bucura-te de sederea pe rst presimt ca in maxim 2 ore faci tu ceva si iei ban

//sa inchida cineva topicul

// edit: done

Edited December 8, 2013 by aelius
x

Sign In

[HARD] Xss challenge

Recommended Posts

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites