Cenzic 232 Patent
Paid Advertising
sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
Q and A for any cross site scripting information. Feel free to ask away. 
Go to Topic: PreviousNext
Go to: Forum ListMessage ListNew TopicSearchLog In
Awesome XSS challenge
Posted by: Gareth Heyes
Date: March 03, 2011 11:11AM

Can you do it?

http://bit.ly/dMYhcB

------------------------------------------------------------------------------------------------------------
"People who say it cannot be done should not interrupt those who are doing it.";
labs : [www.businessinfo.co.uk]
blog : [www.thespanner.co.uk]
Hackvertor : [hackvertor.co.uk]

Options: ReplyQuote
Re: Awesome XSS challenge
Posted by: Albino
Date: March 03, 2011 11:43AM

Nope :(

The line
if ((url.charAt(0)=="/") &&(url.charAt(1)=="/")) {  return false;}
looks like the weakest link, but I don't know any unfiltered vector that uses //

Options: ReplyQuote
Re: Awesome XSS challenge
Posted by: Gareth Heyes
Date: March 03, 2011 12:12PM

Don't worry the destroyer of all challenges .mario is even having trouble with this one ;)

/me === done :D

------------------------------------------------------------------------------------------------------------
"People who say it cannot be done should not interrupt those who are doing it.";
labs : [www.businessinfo.co.uk]
blog : [www.thespanner.co.uk]
Hackvertor : [hackvertor.co.uk]

Options: ReplyQuote
Re: Awesome XSS challenge
Date: March 03, 2011 12:33PM

Ummm...

too hard.
cannot emerge from src attribute.

--
Yosuke HASEGAWA
http://utf-8.jp/

Options: ReplyQuote
Re: Awesome XSS challenge
Posted by: Anonymous User
Date: March 03, 2011 05:20PM

I have a kinda-solution independent of the OS, tricking an important check in the code to assume something wrong. Sometimes size matters.

Translating earlier posts of the contest author helped. And yes - testing on Windows helps too. I spent some time testing on Linux. Meh :)

Options: ReplyQuote
Re: Awesome XSS challenge
Posted by: SW
Date: March 08, 2011 12:59AM

Too hard. Must rely on some encoding trick or something I don't know about. :P

Options: ReplyQuote
Re: Awesome XSS challenge
Posted by: Gareth Heyes
Date: March 08, 2011 07:58AM

@SW

Too hard for you? Nah. You need to open your mind and think about the challenge in a different way. This is one of the best challenges I've seen because it relies on thinking about the problem in a different way :D

------------------------------------------------------------------------------------------------------------
"People who say it cannot be done should not interrupt those who are doing it.";
labs : [www.businessinfo.co.uk]
blog : [www.thespanner.co.uk]
Hackvertor : [hackvertor.co.uk]

Options: ReplyQuote
Re: Awesome XSS challenge
Posted by: barbarianbob
Date: March 09, 2011 01:54AM

I got it :D

As already mentioned, it's a really nice challenge because it requires you to look from a different angle.

Options: ReplyQuote


Sorry, only registered users may post in this forum.