Active Members dancezar Posted December 11, 2013 Active Members Report Share Posted December 11, 2013 (edited) Target:htxp://www.getmeontop.com/search.php?query=&search=1Dificultate:EasyTasks:-Trebuie sa faceti un vector sa functioneze in acelasi timp pe IE 8 si ChromeReguli:-Nu dati hinturi-Postati o imagine cenzurata cu cu cele 2 browsere-Trimiteti sintaxa prin PMProof:Chrome:http://s21.postimg.org/o43oqrn3b/xss_ch_ch.pngIe:http://s8.postimg.org/6ft1coylw/xss_ch_ch2.jpgSolveri:- akkiliON- FoxKids----- Edited December 14, 2013 by danyweb09 Quote Link to comment Share on other sites More sharing options...
Active Members akkiliON Posted December 11, 2013 Active Members Report Share Posted December 11, 2013 (edited) Ai P.M ! Edited December 11, 2013 by akkiliON Quote Link to comment Share on other sites More sharing options...
DarkPanda Posted December 13, 2013 Report Share Posted December 13, 2013 Oppss! Am folosit firefox din obisnuinta Quote Link to comment Share on other sites More sharing options...
FoxKids Posted December 14, 2013 Report Share Posted December 14, 2013 (edited) Mozila FirefoxInternet explorerGoogle ChormeAi pm... Edited December 14, 2013 by FoxKids Quote Link to comment Share on other sites More sharing options...
Active Members dancezar Posted December 14, 2013 Author Active Members Report Share Posted December 14, 2013 Mozila FirefoxInternet explorerGoogle ChormeAi pm...E bine trebuie user interaction dar merge Quote Link to comment Share on other sites More sharing options...
snq Posted December 14, 2013 Report Share Posted December 14, 2013 Impossible to do without some weird behavior in that query parameter.There is no chance either of you guys bypassed webkit xss auditor or internet explorer's xss filter. Quote Link to comment Share on other sites More sharing options...
Active Members dancezar Posted December 14, 2013 Author Active Members Report Share Posted December 14, 2013 Impossible to do without some weird behavior in that query parameter.There is no chance either of you guys bypassed webkit xss auditor or internet explorer's xss filter.me ,akkilion,Fox we just did it why is impossible? Quote Link to comment Share on other sites More sharing options...
snq Posted December 14, 2013 Report Share Posted December 14, 2013 (edited) Ok, prove me wrong.xss this get parameter:efukt.com/?search=<xss vector goes here>.If it works on chrome or IE, i'll take back my words and chop off my balls.As i predicted, weird behavior in GET parameter (just received pm from danyweb), not a bypass in either of the xss filters.It's ok . Edited December 14, 2013 by snq Quote Link to comment Share on other sites More sharing options...
salaheddin Posted December 16, 2013 Report Share Posted December 16, 2013 (edited) Edited December 17, 2013 by salaheddin Quote Link to comment Share on other sites More sharing options...
manxten Posted December 16, 2013 Report Share Posted December 16, 2013 Oppss! Am folosit firefox din obisnuinta voi nu vedeti ca trebuie sa faceti sa mearga pe chrome si explorer? sau vreti sa dovediti ca sunteti mari "hec?ri" Quote Link to comment Share on other sites More sharing options...
Active Members dancezar Posted December 16, 2013 Author Active Members Report Share Posted December 16, 2013 Cerinta e foarte clara Trebuie sa faceti un vector sa functioneze in acelasi timp pe IE 8 si Chrome Quote Link to comment Share on other sites More sharing options...
Goke Posted February 16, 2014 Report Share Posted February 16, 2014 pe google chrome chiar nu pot Quote Link to comment Share on other sites More sharing options...
shwekayin Posted April 25, 2014 Report Share Posted April 25, 2014 Thanx for challenge Quote Link to comment Share on other sites More sharing options...
Active Members dancezar Posted April 25, 2014 Author Active Members Report Share Posted April 25, 2014 Thanx for challengeRead the rulles please,if works on IE and Chrome too send me the syntax Quote Link to comment Share on other sites More sharing options...
Active Members dancezar Posted April 25, 2014 Author Active Members Report Share Posted April 25, 2014 Citeste complet regurile"Trebuie sa faceti un vector sa functioneze in acelasi timp pe IE 8 si Chrome" Quote Link to comment Share on other sites More sharing options...
Fed0t Posted April 26, 2014 Report Share Posted April 26, 2014 Le incerci pe toate pe chrome din lista asta si esti hacker https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Embedded_newline_to_break_up_XSS Quote Link to comment Share on other sites More sharing options...
Active Members dancezar Posted April 26, 2014 Author Active Members Report Share Posted April 26, 2014 Le incerci pe toate pe chrome din lista asta si esti hacker https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Embedded_newline_to_break_up_XSSEste vorba despre altceva , site-ul ala are filtru pe un caracter , cu ajutorul acelui filtru poti face "bypass" la auditorul de pe chrome si IE. Plm <script>alert(1);</script> e mult prea simplu. Quote Link to comment Share on other sites More sharing options...
Fed0t Posted April 26, 2014 Report Share Posted April 26, 2014 L-am facut pe firefox dar pe chrome nu am reusit si nu am rabdare! GG Quote Link to comment Share on other sites More sharing options...
Active Members dancezar Posted April 26, 2014 Author Active Members Report Share Posted April 26, 2014 HINT:hxxp://www.getmeontop.com/search.php?query=organic+search+engine+ranking&search=1Si tineti cont de ce am spus mai sus Quote Link to comment Share on other sites More sharing options...
appo Posted April 26, 2014 Report Share Posted April 26, 2014 Cu Google Chrome nu reusesc Quote Link to comment Share on other sites More sharing options...
Active Members dancezar Posted April 27, 2014 Author Active Members Report Share Posted April 27, 2014 (edited) CLOSEDOrice pm primit nu se v-a mai lua in considerare.Rezolvarea era foarte simpla!Am dat hintu intr-un post mai sus••••••>GetMeOnTop Search for organic search engine rankingDaca bagati " este eliminat(Inlocuit cu NULL) ,va puteti folosi de el ca faceti bypass la xss auditor.Practic daca introduceti <scri"pt> filtrul v-a elimina " si v-a deveni <script>.••••••>GetMeOnTop Search for organic search engine ranking<scri"pt>alert(1)</script>Si astfel v-a functiona pe ambele browsere!@ Edited April 27, 2014 by danyweb09 Quote Link to comment Share on other sites More sharing options...