|01-28-2014 06:30 AM|
|I am stuck with this challenge. I've tried many scripts but was unsuccessful. Any hints please?|
|01-28-2014 10:01 AM|
|I would suggest yoU Really need to Look where to inject your code. Hint.|
|01-29-2014 12:49 AM||| Edited by Override 01-29-2014 11:55 AM|
|Is there a filter I have to bypass, or should just a simple alert do the job? I've read many articles on XSS cross-scripting but wasn't able to figure it out yet. And is there any hint in the source code to tell where to inject the code? Your help is appreciated. Thank you.|
|01-29-2014 11:55 AM|
|The hint on where to inject your code Override just gave you in his post ... Read his post carefully and you will understand.|
|01-29-2014 01:59 PM|
You have to inject a simple injection, you don't want to bypass any filter. Look at the source and exploit the hint.
|01-30-2014 12:57 AM|
|Do you mean I have to inject the code in the URL? I've tried this and was unsuccessful.|
|01-30-2014 03:13 AM|
|Make sure you understand why exactly that should work. That way you'll have no trouble figuring out why your injection doesn't work.|
|01-30-2014 04:14 AM||| Edited by madsoft 01-30-2014 05:19 AM|
Normally I'm not that into the "me too!", but since this thread is already here...
Having some difficulty as well here. I tried to inject code at several places (found the hints) but no go. I did get the page to show a popup with 'xss' but that didn't seem to be the solution (no congrats). It might be my lack of understanding the HTML code......
So any suggestions on some reading material to upgrade my knowledge?
Hm, found a second way to get that popup but still not the right one it seems.
|01-30-2014 10:24 AM|
|01-30-2014 10:53 AM|
Mmmm, was thinking about that as well. Made the changes in the source but after a refresh they're gone. My idea was that you want to do it by adding something to the URL, but special characters are filtered out. Read Override's comment and found several hints in the pages. But like one said: the hard part is to figure out where to inject.
Kinda stumped at the moment.
|01-30-2014 02:06 PM|
You're thinking right.
However, nothing is filtered here. The mission is simulated and hence only the "expected" answer produces a "good" output. But, I repeat, assume there are no filters. Don't rely on the feedback.
|01-30-2014 03:07 PM|
But, I repeat, assume there are no filters. Don't rely on the feedback.
*There is no spoon*
The most simple solution is often the correct one..... Let's add a touch of Occam's razor here and see where I get.
|04-07-2014 01:42 PM|
I understood all the hints, I know what and where I have to put my scripts but nothing that I do works...please help...
|04-07-2014 05:47 PM|
|For everyone: look at the source and you'll understand that you need a specific XSS alert.|