    Basic 14 - XSS
    04-02-2010 01:42 PM Basic 14 - XSS
    I've been playing around with this, and have managed to get the tags I want showing up properly, however I'm struggling to get quotes appearing - tried some of the possible workarounds, but obviously not the right one, assuming I'm on the right track..

    Anyone got any nudges in the right direction? I've been reading through http://securityoverride.com/articles.php?article_id=13&article=The_Complete_Guide_to_XSS but struggling to finish off what I think is the right track..

    Cheers,
    SmallGods
     
    04-02-2010 02:11 PM RE: Basic 14 - XSS
    the following link might help you out Wink

    http://www.googlebig.com/forum/book-of-xss-csrf-base-advanced-t-18773.html18773.html

    ---------------------------------------------
    "Every great story on the planet happened when someone decided
    not to give up, but kept going no matter what.
    "
    Spryte Loriano
     
    04-02-2010 02:55 PM RE: Basic 14 - XSS
    Hmmm, definitely some useful stuff in there... in between all the Spanish anyways... Wink

    Cheers, will keep plugging away at it! Uncovered some slightly odd behaviour I intend to follow up. I get this feeling there's two threads of exploration I'm trying, neither of which are right, but if I could just combine them in the right way... Smile

    SmallGods
     
    04-02-2010 03:05 PM RE: Basic 14 - XSS
    D: It is not Spanish! It is Italian, you monster!

    And yes, definitely some good stuff if you know the power of Google.
     
    04-02-2010 07:33 PM RE: Basic 14 - XSS | Edited by OnlyHuman 04-02-2010 07:44 PM
    If I'm drawing the proper conclusions about what you're attempting for this challenge, it sounds like you're drastically over-thinking the situation. You should begin with a firm grounding in XSS, yes, but you'll need to narrow your search. You're not only looking for an XSS exploit, but also a vulnerability in the system used to support the bulletin board for that challenge. You can start your search there. Just remember, sometimes things don't always work as written. Here's a hint: Apply the KISS principle. The simpler the injection, the better. Good luck.
     
    04-03-2010 08:24 AM RE: Basic 14 - XSS | Edited by SmallGods 04-03-2010 08:25 AM
    Hmmm, well I'm pretty well grounded in XSS now having read a hundred and one white papers on the subject, and I believe I know the exploit I need to use, so I'll focus on looking for a vulnerability.

    Cheers for the help people!

    And DamegedSpy - all I can do is apologize to you and the people of Italy, and pray for forgiveness Wink
     
    04-03-2010 02:27 PM RE: Basic 14 - XSS
    Pfft thanks.
    I forgive you.(Mexico)
    Any Spanish or Italian here?
     
    04-03-2010 09:23 PM RE: Basic 14 - XSS
    Maybe look into some way to use one of the BBCodes to launch the attack. Make sure to pay attention to the word expression and think about old IE attacks. Join all of that together in a Google search and hopefully it will guide you in the right direction Smile

    --LiquidFusi0n
    Moderating the Modders.
    Thomas Anderson ain't got shit on me Smile
    05-04-2010 05:28 PM RE: Basic 14 - XSS | Edited by Qwexotic 05-04-2010 05:58 PM
    Man this challenge is frustrating. I've tried all I know and still can't get it. Hmm. Can anyone give a little more push? I know why e********* is the keyword and I've been trying stuff up with it but it just won't work.

    // Removed spoiler - Qwexotic
     
    05-04-2010 05:59 PM RE: Basic 14 - XSS
    Null Set wrote:
    Man this challenge is frustrating. I've tried all I know and still can't get it. Hmm. Can anyone give a little more push? I know why e********* is the keyword and I've been trying stuff up with it but it just won't work.

    Remember, it's a function. Use it like a function.

    Do NOT over-complicate it. It's probably significantly simpler than what you are trying.

    05-04-2010 11:51 PM RE: Basic 14 - XSS
    Qwexotic wrote:
    Null Set wrote:
    Man this challenge is frustrating. I've tried all I know and still can't get it. Hmm. Can anyone give a little more push? I know why e********* is the keyword and I've been trying stuff up with it but it just won't work.

    Remember, it's a function. Use it like a function.

    Do NOT over-complicate it. It's probably significantly simpler than what you are trying.


    Not really. It's just a one liner. Must be the characters I'm using. Or I don't know for sure.
     
    05-05-2010 03:44 AM RE: Basic 14 - XSS
    Null Set wrote:
    Qwexotic wrote:
    Null Set wrote:
    Man this challenge is frustrating. I've tried all I know and still can't get it. Hmm. Can anyone give a little more push? I know why e********* is the keyword and I've been trying stuff up with it but it just won't work.

    Remember, it's a function. Use it like a function.

    Do NOT over-complicate it. It's probably significantly simpler than what you are trying.


    Not really. It's just a one liner. Must be the characters I'm using. Or I don't know for sure.


    I agree with Qwexotic, it is really simple and you are on the right track but overthinking. Try an unconventional way to pop an alert... within your string.

    Hope it helps .... Smile
    Smile....Even IMPOSSIBLE says I m possible.... Smile

    And with knowledge comes responsibility.
     
    05-05-2010 05:57 AM RE: Basic 14 - XSS
    This challenge is really simulated, I love the way Qwexotic made it. Use my above link for the hints, you will get it, Wink

    -------------------------------------------------------
    "Every great story on the planet happened when someone decided
    not to give up, but kept going no matter what.
    "
    Spryte Loriano
     
    05-05-2010 07:45 AM RE: Basic 14 - XSS
    ne011 wrote:
    This challenge is really simulated, I love the way Qwexotic made it. Use my above link for the hints, you will get it, Wink

    -------------------------------------------------------


    In the link you posted above, I found 2 appropriate looking exploits both using the tags provided for in the challenge. However, they don't work at face value. Hmm. I think they're the right ones, I just can't figure out how to tweak them properly.
     
    05-05-2010 11:25 AM RE: Basic 14 - XSS
    Actually guys, I finally got it. Thanks for the help!
     
    05-24-2010 02:44 PM RE: Basic 14 - XSS | Edited by Qwexotic 05-24-2010 05:07 PM
    I'm still stuck with this one, everything I try fails, gets encoded. Tried exploiting the BBCode, no luck. All HTML tags fail as well. Doh!!

    Am I right along the lines of IE's "e*********()" issue?

    // Removed spoiler - Qwexotic
     
    05-24-2010 03:46 PM RE: Basic 14 - XSS
    This was a pain in the ass, only to find out it's incredibly strange filtering and slightly unrealistic.

    Now, first thing that got me, was make sure to end the tag, otherwise it won't work.

    Next, they're only whitelisting one thing, nothing else seems to matter when it passes through. So you don't have to worry about compounding the variable + e*********.
     
    05-25-2010 04:51 AM RE: Basic 14 - XSS
    OK, I know what the exploit is, but nothing works, BBCode is strict and all HTML is encoded. Really frustrating this one. I looked at loads of online articles about different XSS attacks.
     
    05-25-2010 08:17 AM RE: Basic 14 - XSS
    blandyuk wrote:
    OK, I know what the exploit is, but nothing works, BBCode is strict and all HTML is encoded. Really frustrating this one. I looked at loads of online articles about different XSS attacks.


    Well, all the links posted here DO NOT have the answer. That's because it was simulated to be way way simpler. Smile In real life, all you've tried should've worked, but the biggest clue here should be that it's a shorter code that you need to use. Good luck! Grin
     
    05-25-2010 09:39 PM RE: Basic 14 - XSS
    TurboBorland wrote:
    This was a pain in the ass, only to find out it's incredibly strange filtering and slightly unrealistic.

    Now, first thing that got me, was make sure to end the tag, otherwise it won't work.

    Next, they're only whitelisting one thing, nothing else seems to matter when it passes through. So you don't have to worry about compounding the variable + e*********.

    Of course it is "strange filtering and slightly unrealistic."

    I designed the challenge to have one way of beating the challenge, so anything else will not pass, but that one thing will. The idea is to teach about the dangers of unfiltered bbcodes, as well as IEx which I'm sure you all are already familiar with. Pfft

    It is very simple, but the way you use it is the trickiest part. And I completely rewrote this challenge from my original code. Remember HvS? I had made that simulated, but to the point where it would accept dynamic answers. Same idea here, but I coded it even more dynamically, so more submissions fly past the filter, but they still have to have the same basic exploitation principle... Wink
