dancezar (Active Members), posted November 10, 2014, edited November 14, 2014 by danyweb09:

URL: http://www.pwnthecode.org/challenges/xss_chall.php/Y2FjYXQ=
Level: ?
Requirements:
1) Use only Google Chrome (it cannot be solved with anything else)
2) Pop an alert (not confirm, not prompt) with document.cookie
Hint: So you don't rack your brains for nothing, it has nothing to do with the obfuscated source.
Solvers:
- BitMap
- dcristi
- dekeeu

dancezar (Author, Active Members), posted November 11, 2014:

*.*.*.* - - [10/Nov/2014:19:13:09 +0100] "GET HTTP/1.0" 304 198 "http://www.pwnthecode.org/challenges/xss_chall.php/ce-ai-facut-mai-dany-aici-))" "Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/38.0.2125.111 Safari/537.36"

)) OK.
Guys ... it's a base64-encoded string, honestly. Everyone only goes after the base64 string, before it, inside it, but have you tried decoding it and encoding it back?
It's DOM, by the way...

BitMap, posted November 11, 2014:

I knew someone would be looking there. We joke a bit, we try a bit, but you know roughly where the proof is. GJ.

dancezar (Author, Active Members), posted November 12, 2014, edited November 12, 2014 by danyweb09:

Quote: "I knew someone would be looking there. We joke a bit, we try a bit, but you know roughly where the proof is. GJ."

))))))) I didn't expect it to have been you, bravo boss, your solution is interesting; you have a PM with the one I had in mind.
By the way, here is something interesting from the logs:

*.*.*.* - - [12/Nov/2014:01:34:40 +0100] "GET /challenges/xss_chall.php/acunetix-wvs-test-for-some-inexistent-file HTTP/1.0" 200 6310 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36"

or from the same person:

*.*.*.*- - [12/Nov/2014:01:34:55 +0100] "GET /challenges/xss_chall.php/?page=../../../../../../../../../etc/passwd%00.jpg HTTP/1.0" 200 6203 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36"
*.*.*.* - - [12/Nov/2014:01:35:12 +0100] "GET /challenges/xss_chall.php//.../.../.../.../.../.../.../.../windows/win.ini HTTP/1.0" 200 6203 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36"

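An added example, not part of the original post or of the site's own tooling: a small access-log classifier that flags the kinds of automated probes quoted in the post above. The sample lines, the 192.0.2.x addresses, the label names and the `min_hits` threshold are assumptions made for the illustration.

```python
import re
from urllib.parse import unquote

# Apache combined log: host ident user [time] "METHOD target PROTO" status size ...
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Signatures taken from the three requests quoted in the post above.
SIGNATURES = [
    ("scanner-marker", re.compile(r"acunetix-wvs-test", re.I)),
    ("path-traversal", re.compile(r"(?:\.{2,}/){2,}")),   # ../../ and .../.../
    ("null-byte", re.compile(r"\x00")),                   # %00 after decoding
    ("sensitive-file", re.compile(r"etc/passwd|windows/win\.ini", re.I)),
]

def classify(line):
    """Return (host, status, labels) for one log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    decoded = unquote(m.group("target"))  # match on the percent-decoded target
    labels = [name for name, rx in SIGNATURES if rx.search(decoded)]
    return m.group("host"), int(m.group("status")), labels

def probing_hosts(lines, min_hits=2):
    """Map host -> label lists for hosts with at least min_hits flagged requests.
    Status is ignored: in the quoted log every probe got 200, so a filter on
    4xx responses would have missed all of them."""
    hits = {}
    for line in lines:
        parsed = classify(line)
        if parsed and parsed[2]:
            hits.setdefault(parsed[0], []).append(parsed[2])
    return {host: found for host, found in hits.items() if len(found) >= min_hits}

# Constructed sample: the post's requests with documentation IPs (192.0.2.0/24)
# and a shortened user agent, plus one ordinary visit to the challenge URL.
SAMPLE = [
    '192.0.2.10 - - [12/Nov/2014:01:34:40 +0100] "GET /challenges/xss_chall.php/acunetix-wvs-test-for-some-inexistent-file HTTP/1.0" 200 6310 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [12/Nov/2014:01:34:55 +0100] "GET /challenges/xss_chall.php/?page=../../../../../../../../../etc/passwd%00.jpg HTTP/1.0" 200 6203 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [12/Nov/2014:01:35:12 +0100] "GET /challenges/xss_chall.php//.../.../.../.../.../.../.../.../windows/win.ini HTTP/1.0" 200 6203 "-" "Mozilla/5.0"',
    '192.0.2.20 - - [12/Nov/2014:01:36:00 +0100] "GET /challenges/xss_chall.php/Y2FjYXQ= HTTP/1.0" 200 6203 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for host, found in probing_hosts(SAMPLE).items():
        print(host, found)
```
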
SilenTx0, posted November 12, 2014:

Bring on Havij.

dcristi, posted November 12, 2014, edited November 12, 2014 by dcristi:

Does it count with Firefox?

SilenTx0, posted November 12, 2014:

Quote: "Does it count with Firefox?"

Yes, it counts, congratulations.

akkiliON (Active Members), posted November 12, 2014:

@dcristi left a "trace". It would be good to censor it.

dcristi, posted November 12, 2014:

Quote: "@dcristi left a "trace". It would be good to censor it."

Done. Sorry.

dancezar (Author, Active Members), posted November 12, 2014:

Quote: "Done. Sorry."

Let's say so ... although there is no way it works on Chrome.

dekeeu, posted November 12, 2014

dcristi, posted November 14, 2014