Wednesday, April 23, 2014
    Realistic 4
    04-06-2010 12:37 AM Realistic 4
    Ok, so it looks like I'm going to be the first to ask for help on this one Smile

    I have a sneaking feeling this is to do with SQL injection but to be totally honest it is just a guess based on the message we receive whilst trying to log in as Logan.

    Any pointers at all would be a great help.

    --LiquidFusi0n
    Moderating the Modders.
    Thomas Anderson aint got shit on me Smile
    04-06-2010 12:40 AM RE: Realistic 4
    no sql injection xss.
     
    04-06-2010 03:51 AM RE: Realistic 4
    Hi,
    As Bluechill rightly said, there is no sql injection. It is related to XSS. The following XSS tutorial, http://securityoverride.com/articles.php?article_id=13&article=The_Complete_Guide_to_XSS, may help you understand the different types of XSS, so it is easier to find the page with the XSS flaw.

    hope this helps ..... Smile
    Smile....Even IMPOSSIBLE says I m possible.... Smile

    And with knowledge comes responsibility.
     
    04-08-2010 07:43 AM RE: Realistic 4
    thx 4 the tip on xss Smile
     
    04-13-2010 08:47 AM RE: Realistic 4
    Hmm.. I'm a bit stuck, I've set it up, and I know where the injection point is, everything works... And I've tried to submit the ***k**.php page to them so that they'd click on it or something, but I still don't have the.. thing I need.
     
    04-13-2010 08:50 AM RE: Realistic 4
    .. Actually.. Do I need the ***k**s? Or is it a type of *S*F vuln?
     
    04-13-2010 08:56 AM RE: Realistic 4
    Doesn't matter. Got it Smile
     
    04-16-2010 10:13 AM RE: Realistic 4
    Frustratingly close here with this as well. Have the injection point, and I've displayed local "info", but struggling to get the other ***k**s that I need.

    Do I need to upload something? Or redirect to a pre-prepared location maybe? I feel like I'm missing one vital bit of info here..
     
    04-16-2010 11:22 AM RE: Realistic 4
    SmallGods wrote:
    Frustratingly close here with this as well. Have the injection point, and I've displayed local "info", but struggling to get the other ***k**s that I need.

    Do I need to upload something? Or redirect to a pre-prepared location maybe? I feel like I'm missing one vital bit of info here..

    You have to obtain someone else's ******s...somehow...

    04-17-2010 10:14 PM RE: Realistic 4 | Edited by Null Set 05-21-2013 07:35 AM
    does this involve a ***k** c*tc**r at all
     
    04-18-2010 06:29 AM RE: Realistic 4 | Edited by Null Set 05-21-2013 07:37 AM
    Torrment wrote:
    does this involve a ***k** c*tc**r at all

    Yes. And the ***k** c*tc**r has to be at a domain, not only an IP like: 95.290.../cookie.php
    Wink
     
    04-18-2010 03:31 PM RE: Realistic 4
    So am I right in thinking then that we actually need our own domain name and hosting space to complete this challenge?!!

    I wondered if that was the case, but...really? Sad
     
    04-18-2010 03:42 PM RE: Realistic 4
    SmallGods wrote:
    So am I right in thinking then that we actually need our own domain name and hosting space to complete this challenge?!!

    I wondered if that was the case, but...really? Sad

    IP addresses should work now. If not though, please drop me a pm, and we'll work it out. Smile

    04-18-2010 04:37 PM RE: Realistic 4
    Qwexotic wrote:
    SmallGods wrote:
    So am I right in thinking then that we actually need our own domain name and hosting space to complete this challenge?!!

    I wondered if that was the case, but...really? Sad

    IP addresses should work now. If not though, please drop me a pm, and we'll work it out. Smile


    well a domain is just a fancy ip address Wink

    why wouldn't an IP work in the first place. I did it with an IP before I did it again with a domain.
     
    04-18-2010 04:54 PM RE: Realistic 4
    bluechill wrote:
    why wouldn't an IP work in the first place. I did it with an IP before I did it again with a domain.

    Because people were b0rking the challenge with bad links, I threw in some preg that checked for a proper domain, and I originally forgot to add IP addresses to the preg function, so the challenge would not work without a domain name. But I fixed it a while back, so it should still work with IP addresses.

    For the record guys, free webhosts work too!

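The validation bug described in the post above (a pattern that accepted domain names but rejected IP addresses), sketched as an added example that is not the challenge's actual code. The function names, the pattern and the sample links are assumptions constructed for illustration.

```php
<?php
// Added example with hypothetical names; not the challenge's real check.

// Domain-only host pattern: dot-separated labels, then an alphabetic TLD.
// A dotted-quad IP fails here because its last label is numeric.
const DOMAIN_RE = '/^(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,}$/i';

// Extract the host of an http(s) link, or null if the link is malformed.
function host_of(string $url): ?string {
    $parts = parse_url($url);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return null;
    }
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return null; // only plain web links are accepted
    }
    return $parts['host'];
}

// "Before": domain names only, so IP-based links are rejected.
function is_valid_link_domain_only(string $url): bool {
    $host = host_of($url);
    return $host !== null && preg_match(DOMAIN_RE, $host) === 1;
}

// "After": also accept an IPv4 literal. filter_var() does the range
// checking, so an out-of-range octet is still rejected.
function is_valid_link(string $url): bool {
    $host = host_of($url);
    if ($host === null) {
        return false;
    }
    if (filter_var($host, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) !== false) {
        return true;
    }
    return preg_match(DOMAIN_RE, $host) === 1;
}

$samples = [ // constructed sample input
    'http://sub.example.com/page.php',
    'http://192.0.2.10/page.php',
    'http://999.0.2.10/page.php',
    'ftp://example.com/page.php',
    'not a link',
];
foreach ($samples as $u) {
    printf("%-34s before=%-5s after=%s\n", $u,
        var_export(is_valid_link_domain_only($u), true),
        var_export(is_valid_link($u), true));
}
```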
    04-18-2010 05:27 PM RE: Realistic 4

    For the record guys, free webhosts work too!


    yeah subdomain Smile
     
    04-19-2010 04:46 PM RE: Realistic 4
    Ok, so I manage to nab my own ******s using my hosted stuff, but not the ones I'm after! Should I be using email? Or have I just got my syntax slightly off?

    If someone could PM me that's done it and just check what I've got, I'd be very grateful - I don't want to post spoilers if I can help it, and I know I'm damn close! Smile
     
    04-19-2010 04:52 PM RE: Realistic 4
    the bot is dumb. there is your hint. It also uses old parsers.
     
    04-19-2010 06:08 PM RE: Realistic 4
    @SmallGods, feel free to send me what you're trying. Who knows, maybe what you're entering should be valid for the checker?.. Just send me what you're trying in a pm.

    bluechill wrote:
    It also uses old parsers.

    What's that supposed to mean?..

    04-19-2010 10:07 PM RE: Realistic 4 | Edited by bluechill 04-19-2010 10:08 PM
    Qwexotic wrote:
    @SmallGods, feel free to send me what you're trying. Who knows, maybe what you're entering should be valid for the checker?.. Just send me what you're trying in a pm.

    bluechill wrote:
    It also uses old parsers.

    What's that supposed to mean?..


    it means it doesn't accept modern javascript definitions, sheesh. I don't define the way you have to define javascript modern in the script
     