Active Members dancezar Posted December 11, 2013 Active Members Report Posted December 11, 2013 (edited) Target:htxp://www.getmeontop.com/search.php?query=&search=1Dificultate:EasyTasks:-Trebuie sa faceti un vector sa functioneze in acelasi timp pe IE 8 si ChromeReguli:-Nu dati hinturi-Postati o imagine cenzurata cu cu cele 2 browsere-Trimiteti sintaxa prin PMProof:Chrome:http://s21.postimg.org/o43oqrn3b/xss_ch_ch.pngIe:http://s8.postimg.org/6ft1coylw/xss_ch_ch2.jpgSolveri:- akkiliON- FoxKids----- Edited December 14, 2013 by danyweb09 Quote
Active Members akkiliON Posted December 11, 2013 Active Members Report Posted December 11, 2013 (edited) Ai P.M ! Edited December 11, 2013 by akkiliON Quote
DarkPanda Posted December 13, 2013 Report Posted December 13, 2013 Oppss! Am folosit firefox din obisnuinta Quote
FoxKids Posted December 14, 2013 Report Posted December 14, 2013 (edited) Mozila FirefoxInternet explorerGoogle ChormeAi pm... Edited December 14, 2013 by FoxKids Quote
Active Members dancezar Posted December 14, 2013 Author Active Members Report Posted December 14, 2013 Mozila FirefoxInternet explorerGoogle ChormeAi pm...E bine trebuie user interaction dar merge Quote
snq Posted December 14, 2013 Report Posted December 14, 2013 Impossible to do without some weird behavior in that query parameter.There is no chance either of you guys bypassed webkit xss auditor or internet explorer's xss filter. Quote
Active Members dancezar Posted December 14, 2013 Author Active Members Report Posted December 14, 2013 Impossible to do without some weird behavior in that query parameter.There is no chance either of you guys bypassed webkit xss auditor or internet explorer's xss filter.me ,akkilion,Fox we just did it why is impossible? Quote
snq Posted December 14, 2013 Report Posted December 14, 2013 (edited) Ok, prove me wrong.xss this get parameter:efukt.com/?search=<xss vector goes here>.If it works on chrome or IE, i'll take back my words and chop off my balls.As i predicted, weird behavior in GET parameter (just received pm from danyweb), not a bypass in either of the xss filters.It's ok . Edited December 14, 2013 by snq Quote
salaheddin Posted December 16, 2013 Report Posted December 16, 2013 (edited) Edited December 17, 2013 by salaheddin Quote
manxten Posted December 16, 2013 Report Posted December 16, 2013 Oppss! Am folosit firefox din obisnuinta voi nu vedeti ca trebuie sa faceti sa mearga pe chrome si explorer? sau vreti sa dovediti ca sunteti mari "hec?ri" Quote
Active Members dancezar Posted December 16, 2013 Author Active Members Report Posted December 16, 2013 Cerinta e foarte clara Trebuie sa faceti un vector sa functioneze in acelasi timp pe IE 8 si Chrome Quote
Active Members dancezar Posted April 25, 2014 Author Active Members Report Posted April 25, 2014 Thanx for challengeRead the rulles please,if works on IE and Chrome too send me the syntax Quote
Active Members dancezar Posted April 25, 2014 Author Active Members Report Posted April 25, 2014 Citeste complet regurile"Trebuie sa faceti un vector sa functioneze in acelasi timp pe IE 8 si Chrome" Quote
Fed0t Posted April 26, 2014 Report Posted April 26, 2014 Le incerci pe toate pe chrome din lista asta si esti hacker https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Embedded_newline_to_break_up_XSS Quote
Active Members dancezar Posted April 26, 2014 Author Active Members Report Posted April 26, 2014 Le incerci pe toate pe chrome din lista asta si esti hacker https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Embedded_newline_to_break_up_XSSEste vorba despre altceva , site-ul ala are filtru pe un caracter , cu ajutorul acelui filtru poti face "bypass" la auditorul de pe chrome si IE. Plm <script>alert(1);</script> e mult prea simplu. Quote
Fed0t Posted April 26, 2014 Report Posted April 26, 2014 L-am facut pe firefox dar pe chrome nu am reusit si nu am rabdare! GG Quote
Active Members dancezar Posted April 26, 2014 Author Active Members Report Posted April 26, 2014 HINT:hxxp://www.getmeontop.com/search.php?query=organic+search+engine+ranking&search=1Si tineti cont de ce am spus mai sus Quote
Active Members dancezar Posted April 27, 2014 Author Active Members Report Posted April 27, 2014 (edited) CLOSEDOrice pm primit nu se v-a mai lua in considerare.Rezolvarea era foarte simpla!Am dat hintu intr-un post mai sus••••••>GetMeOnTop Search for organic search engine rankingDaca bagati " este eliminat(Inlocuit cu NULL) ,va puteti folosi de el ca faceti bypass la xss auditor.Practic daca introduceti <scri"pt> filtrul v-a elimina " si v-a deveni <script>.••••••>GetMeOnTop Search for organic search engine ranking<scri"pt>alert(1)</script>Si astfel v-a functiona pe ambele browsere!@ Edited April 27, 2014 by danyweb09 Quote