Thread subject: Security Override :: Basic 14 - XSS

Posted by SmallGods on 04/02/2010 13:42:47
#1

I've been playing around with this, and have managed to get the tags I want showing up properly, however I'm struggling to get quotes appearing - tried some of the possible workarounds, but obviously not the right one, assuming im on the right track..

Anyone got any nudges in the right direction? I've been reading through http://securityoverride.com/articles.php?article_id=13&article=The_Complete_Guide_to_XSS but struggling to finish off what I think is the right track..

Cheers,
SmallGods

Posted by ne011 on 04/02/2010 14:11:50
#2

the following link might help you out ;)

http://www.googlebig.com/forum/book-of-xss-csrf-base-advanced-t-18773.html18773.html

---------------------------------------------

Posted by SmallGods on 04/02/2010 14:55:14
#3

Hmmm, definitely some useful stuff in there...inbetween all the Spanish anyways... ;)

Cheers, will keep plugging away it! Uncovered some slightly odd behaviour I intend to follow up. I get this feeling there's two threads of exploration I'm trying, neither of which are right, but if I could just combine them in the right way... :)

SmallGods

Posted by DamegedSpy on 04/02/2010 15:05:14
#4

D: It is not spanish! It is italian you monster!

And yes definitely some good stuff if you know the power of google.

Posted by OnlyHuman on 04/02/2010 19:33:18
#5

If I'm drawing the proper conclusions about what you're attempting for this challenge, it sounds like you're drastically over-thinking the situation. You should begin with a firm grounding in XSS yes, but you'll need to narrow your search. You're not only looking for an XSS exploit, but also a vulnerability in the system used to support the bullentin board for that challenge. You can start your search there. Just remember, sometimes things don't always work as written. Here's a hint: Apply the KISS principle. The simpler the injection, the better. Good luck.

Edited by OnlyHuman on 04/02/2010 19:44:28

Posted by SmallGods on 04/03/2010 08:24:51
#6

Hmmm, well I'm pretty well grounded in XSS now having read a hundred and one white papers on the subject, and I believe I know the exploit I need to use, so I'll focus on looking for a vulnerability.

Cheers for the help people!

And DamegedSpy - all I can do is apologize to you and the people of Italy, and pray for forgiveness ;)

Edited by SmallGods on 04/03/2010 08:25:14

Posted by DamegedSpy on 04/03/2010 14:27:33
#7

:P thanks.
I forgive you.(Mexico)
Any Spanish or Italian here?

Posted by LiquidFusi0n on 04/03/2010 21:23:56
#8

Maybe look into some way to use one of the BBCodes to launch the attack. Make sure to pay attention to the word expression and think about old IE attacks. Join all off that together in a Google search and hopefully it will guide you in the right direction :)

--LiquidFusi0n

Posted by Null Set on 05/04/2010 17:28:02
#9

Man this challenge is frustrating. I've tried all I know and still can't get it. Hmm. Can anyone give a little more push? I know why e********* is the keyword and I've been trying stuff up with it but it just wont work.

// Removed spoiler - Qwexotic

Edited by Qwexotic on 05/04/2010 17:58:49

Posted by Qwexotic on 05/04/2010 17:59:39
#10

Null Set wrote:
Man this challenge is frustrating. I've tried all I know and still can't get it. Hmm. Can anyone give a little more push? I know why e********* is the keyword and I've been trying stuff up with it but it just wont work.

Remember, it's a function. Use it like a function.

Do NOT over-complicate it. It's probably significantly simpler than what you are trying.

Posted by Null Set on 05/04/2010 23:51:28
#11

Qwexotic wrote:
Null Set wrote:
Man this challenge is frustrating. I've tried all I know and still can't get it. Hmm. Can anyone give a little more push? I know why e********* is the keyword and I've been trying stuff up with it but it just wont work.

Remember, it's a function. Use it like a function.

Do NOT over-complicate it. It's probably significantly simpler than what you are trying.


Not really. It's just a one liner. Must be the characters I'm using. Or I don't know for sure.

Posted by auditorsec on 05/05/2010 03:44:05
#12

Null Set wrote:
Qwexotic wrote:
Null Set wrote:
Man this challenge is frustrating. I've tried all I know and still can't get it. Hmm. Can anyone give a little more push? I know why e********* is the keyword and I've been trying stuff up with it but it just wont work.

Remember, it's a function. Use it like a function.

Do NOT over-complicate it. It's probably significantly simpler than what you are trying.


Not really. It's just a one liner. Must be the characters I'm using. Or I don't know for sure.


I agree to Qwexotic, it is really simple and you are on right track but over thinking, Try an unconventional way to Pop an alert.......within your string.

Hope it helps .... :)

Posted by ne011 on 05/05/2010 05:57:44
#13

This challenge is really simulated ,i love the way Qwexotic made it . use my above link for the hints ,you will get it ,;)

-------------------------------------------------------

Posted by Null Set on 05/05/2010 07:45:47
#14

ne011 wrote:
This challenge is really simulated ,i love the way Qwexotic made it . use my above link for the hints ,you will get it ,;)

-------------------------------------------------------


In the link you posted above, I found 2 appropriate looking exploits both using the tags provided for in the challenge. However, they don't work at face value. Hmm. I think they're the right ones, I just can't figure out how to tweak them properly.

Posted by Null Set on 05/05/2010 11:25:21
#15

Actually guys, I finally got it. Thanks for the help!

Posted by blandyuk on 05/24/2010 14:44:30
#16

I'm still stuck with this one, everything I try fails, gets encoded. Tried exploiting the BBCode, no luck. All HTML tags fail as well. Doh!!

Am I right along the lines of IE's "e*********()" issue?

// Removed spoiler - Qwexotic

Edited by Qwexotic on 05/24/2010 17:07:12

Posted by TurboBorland on 05/24/2010 15:46:00
#17

This was a pain in the ass, only to find out it's incredibly strange filtering and slightly unrealistic.

Now, first thing that got me, was make sure to end the tag, otherwise it won't work.

Next, they're only whitelisting one thing, nothing else seems to matter when it passes through. So you don't have to worry about compounding the variable + e*********.

Posted by blandyuk on 05/25/2010 04:51:59
#18

OK, I know what the exploit is, but nothing works, BBCode is strict and all HTML is encoded. Really frustrating this one. I looked at loads of online articles about different XSS attacks.

Posted by Null Set on 05/25/2010 08:17:02
#19

blandyuk wrote:
OK, I know what the exploit is, but nothing works, BBCode is strict and all HTML is encoded. Really frustrating this one. I looked at loads of online articles about different XSS attacks.


Well, all the links posted here DO NOT have the answer. That's because it was simulated to be way way simpler. :) In real life, all you've tried should've worked, but the biggest clue here should be that it's a shorter code that you need to use. Goodluck! :D

Posted by Qwexotic on 05/25/2010 21:39:17
#20

TurboBorland wrote:
This was a pain in the ass, only to find out it's incredibly strange filtering and slightly unrealistic.

Now, first thing that got me, was make sure to end the tag, otherwise it won't work.

Next, they're only whitelisting one thing, nothing else seems to matter when it passes through. So you don't have to worry about compounding the variable + e*********.

Of course it is "strange filtering and slightly unrealistic."

I designed the challenge to have one way of beating the challenge, so anything else will not pass, but that one thing will. The idea is to teach about the dangers of unfiltered bbcodes, as well as IEx which I'm sure you all are already familiar with. :P

It is very simple, but the way you use it is the trickiest part. And I completely rewrote this challenge from my original code. Remember HvS? I had made that simulated, but to the point where it would accept dynamic answers. Same idea here, but I coded it even more dynamically, so more submissions fly past the filter, but they still have to have the same basic exploitation principle... ;)

Posted by TurboBorland on 05/26/2010 10:08:38
#21

But the problem is, you have no idea that the injection actually works because ONLY the injection works.

You have whitelist filters that work and then you have the ones that don't in order for you to pass.

Posted by Null Set on 05/26/2010 10:14:19
#22

TurboBorland wrote:
But the problem is, you have no idea that the injection actually works because ONLY the injection works.

You have whitelist filters that work and then you have the ones that don't in order for you to pass.


Well, truth is, that challenge would be better if more of the actual exploits complete the mission. However, you have all those safety issues flying about and all that.

Posted by TurboBorland on 05/26/2010 11:26:20
#23

Meh, I don't think it's a security issue. Just look at basic 11.

Edited by TurboBorland on 05/26/2010 11:34:03

Posted by Null Set on 05/26/2010 11:41:55
#24

Hmm, as it seems, the simplification kind of made the challenge unsolvable through natural ways of thinking.

Posted by Qwexotic on 05/26/2010 21:31:26
#25

Null Set wrote:
Hmm, as it seems, the simplification kind of made the challenge unsolvable through natural ways of thinking.

Well, in a sense, it teaches another quite valuable lesson then. ;)

Posted by anima1111 on 09/21/2010 15:07:36
#26

Has anyone tried putting any comment in challenge #14, because I think it ain't working just like challenge #13. I can't seem to put any comments in the comment section it just reloads the challenge page.

Posted by T D P on 09/22/2010 01:56:27
#27

i think u shud always take a look at source .... some times they give us quite valuable information....


and injct ur injection with value 123 coz with another value even correct injections wudnt wrk

Posted by nullbyt3 on 09/22/2010 16:25:08
#28

I just went to take a peak at 14 and it seems down? Maybe adding more injections..? We can only hope.


Ah, I can't wait til school is over so I can get to work on the missions I have missed. I just don't have time to sink 8 hours into a mission at the moment.

Posted by Qwexotic on 09/22/2010 19:39:59
#29

nullbyt3 wrote:
I just went to take a peak at 14 and it seems down? Maybe adding more injections..? We can only hope.


Ah, I can't wait til school is over so I can get to work on the missions I have missed. I just don't have time to sink 8 hours into a mission at the moment.

We're having some db issues on that challenge right now...

Same here, I just don't have the time for to MAKE more challenges at the moment...

Posted by Qwexotic on 09/22/2010 20:07:58
#30

Challenge 14 has been fixed. :)

Posted by Serinox on 09/22/2010 22:19:50
#31

Ok, so I've looked at the source on the pages and understand on of the things found there. I think I have the functions needed however I cannot get anything past the filter, I've gone through the links at the beginning of the post and couldn't make anything there work.

I've also read the articles on this site and several other sites, can anybody point me in the right direction on how to get things past the filter?

Posted by Null Set on 09/23/2010 00:24:30
#32

Serinox wrote:
Ok, so I've looked at the source on the pages and understand on of the things found there. I think I have the functions needed however I cannot get anything past the filter, I've gone through the links at the beginning of the post and couldn't make anything there work.

I've also read the articles on this site and several other sites, can anybody point me in the right direction on how to get things past the filter?


While the content of the other sites should work in reality, it will NOT work here. It's kinda sad that it doesn't. But anyway, as for a hint, the injection is really short AND it's a function that's given the arguments that you need to pop-up.

Posted by T D P on 09/23/2010 01:55:30
#33

Serinox wrote:
Ok, so I've looked at the source on the pages and understand on of the things found there. I think I have the functions needed however I cannot get anything past the filter, I've gone through the links at the beginning of the post and couldn't make anything there work.

I've also read the articles on this site and several other sites, can anybody point me in the right direction on how to get things past the filter?


hmm...... just wondering what are the tags to set color r doing there.....???

maybe admin wants our post to look beautiful....
LOL!!!

Posted by Serinox on 09/23/2010 13:17:05
#34

Shubham wrote:
Serinox wrote:
Ok, so I've looked at the source on the pages and understand on of the things found there. I think I have the functions needed however I cannot get anything past the filter, I've gone through the links at the beginning of the post and couldn't make anything there work.

I've also read the articles on this site and several other sites, can anybody point me in the right direction on how to get things past the filter?


hmm...... just wondering what are the tags to set color r doing there.....???

maybe admin wants our post to look beautiful....
LOL!!!


I know that part as well the problem comes that nothing I've read about the tags given works. It always seems to get filtered.

Posted by auditorsec on 09/24/2010 15:57:33
#35

Serinox wrote:
Shubham wrote:
Serinox wrote:
Ok, so I've looked at the source on the pages and understand on of the things found there. I think I have the functions needed however I cannot get anything past the filter, I've gone through the links at the beginning of the post and couldn't make anything there work.

I've also read the articles on this site and several other sites, can anybody point me in the right direction on how to get things past the filter?


hmm...... just wondering what are the tags to set color r doing there.....???

maybe admin wants our post to look beautiful....
LOL!!!


I know that part as well the problem comes that nothing I've read about the tags given works. It always seems to get filtered.


PM me on exactly what u r doing, may be i learn something out of it and hopefully guide you

Posted by T D P on 09/25/2010 05:47:51
#36

Well sm webs allow u to set d color bt dont filter d input. If u hav d function den ive told u everythn required.... N for sure PM me if u thnk u got it n still hav any prob. Bt dont want to post spoiler.

Posted by nullbyt3 on 09/25/2010 12:19:36
#37

Serinox wrote:
Shubham wrote:
Serinox wrote:
Ok, so I've looked at the source on the pages and understand on of the things found there. I think I have the functions needed however I cannot get anything past the filter, I've gone through the links at the beginning of the post and couldn't make anything there work.

I've also read the articles on this site and several other sites, can anybody point me in the right direction on how to get things past the filter?


hmm...... just wondering what are the tags to set color r doing there.....???

maybe admin wants our post to look beautiful....
LOL!!!


I know that part as well the problem comes that nothing I've read about the tags given works. It always seems to get filtered.


If I remember correctly, I found a tag that didn't get filtered, but still couldn't find the injection. I don't know if the tag was correct though because I never had a chance to complete the mission or even give it another whirl. I have a text file with everything I have tried somewhere for when I have the time to go back and try it again.

Still, with all the talk of this being a "short" injection, I don't know if the tag I got by the filter is correct or not.

Edited by nullbyt3 on 09/25/2010 12:20:34

Posted by Qwexotic on 09/25/2010 13:42:28
#38

The point of this challenge is to educate you on ONE SPECIFIC function that often gets left out. alert() will virtually always be filtered out, while this one can be forgotten (or not even known about in the first place)...

Posted by LordChiron on 10/01/2010 16:19:08
#39

Can I pm someone with what Im working on. Im rather stuck. Need a bit o' help.

Posted by Null Set on 10/01/2010 20:28:25
#40

LordChiron, you can PM me.

Posted by kastrata on 03/17/2011 04:10:59
#41

you guys were not kidding when you said it was a bit wierd to do....ive tried every varient of xss I can think of and its not working lol...spent the last 12 hours staring at it and pouring over forums....ive tried using an [img] xss injection with the bb codes url injections...a lot of diff ones...
2 questions
is it url or forum based
and is it browser dependant..does it have to be in IE or can it be in mozilla or IE?

or are those two indepth a question if so then I am sorry, just looking for the right direction

Posted by ne011 on 03/17/2011 05:45:55
#42

kastrata wrote:
you guys were not kidding when you said it was a bit wierd to do....ive tried every varient of xss I can think of and its not working lol...spent the last 12 hours staring at it and pouring over forums....ive tried using an [img] xss injection with the bb codes url injections...a lot of diff ones...
2 questions
is it url or forum based
and is it browser dependant..does it have to be in IE or can it be in mozilla or IE?

or are those two indepth a question if so then I am sorry, just looking for the right direction


1. It is form based
2. There is nothing here to be browser dependant,as i remember i tested before in IE,FF,chrome all are working
perfectly.

Moreover , this challenge is simulated ,so you need to follow the correct way ,which has been discussed previously by the members.

- - - - - - - - - - - - - - - -

Edited by ne011 on 03/17/2011 05:46:20

Posted by kastrata on 03/17/2011 14:17:16
#43

-grabs keyboard and hits himself with it nemurous times-....you gotta be shttin me...thats all there was to it?....really?....serious?.....ive been pouring over injections re writting my script over and over again....only to find it it was that fuckin easy.....I went to bed..woke up and was like....lets try not doing that anymore....-hits himself again-....ok...new keyboard

Posted by x2600 on 04/22/2011 04:46:41
#44

Well, the good news is I know what I've been doing will work in the real world. I know this because I tested it on my own forums. The bad news is none of my variations are working in the simulation. I've even tried things that don't make sense or that wouldn't work. Anyone mind checking out my answers?

Posted by cruizrisner on 04/22/2011 04:49:43
#45

i didnt do this one on SO but i did similar one on HvS and i remember this was quite the trick one lol, its like way out there on the odd scale sorta but it is based off of a real exploit

Posted by x2600 on 04/22/2011 04:52:04
#46

Yes I can tell it's way out there. I am actually more interested in finding out what the hell this odd exploit is now than I am in passing the challenge.

Posted by cruizrisner on 04/22/2011 05:03:54
#47

i could help you much but idk how to do it without the spoiler lol cuz there is a certain word that id have to say and ud eventually figure it out pretty quick, but that word is a spoiler so lol im bound. just refer to earlier links. there was a better place for this but i cant remember the location

EDIT: i found the link but its nearly a spoiler so idk whether its ok to post or not

so until staff decide its to spoilish or not here it is http://www.hellboundhackers.org/articles/748-CSS-XSS.html

Edited by cruizrisner on 04/22/2011 05:12:55

Posted by x2600 on 04/22/2011 05:29:03
#48

I'll keep trying. Thanks for the link.

Posted by madf0x on 04/22/2011 06:42:06
#49

My best advice is that when people start screaming at themselves for it being waaay simpler than you think they are not kidding. Idk if it's a spoiler but you only need two or three english words in the entire post. If you are using more, youre wrong :P

Posted by Guest on 04/22/2011 07:08:03
#50

In my opinion that challenge doesnt really teach anything. Since it only displays the right solution, you dont have the chance to "develop" your injection, you cant discover how it works, until you get it working. You need exactly the one solution that SO admins thought of, tough there are way more... Anything else, working or not will just not show anything. That kind of destroyed the fun in it for me.. :P

Posted by cruizrisner on 04/22/2011 18:47:34
#51

PublicEnemy wrote:
In my opinion that challenge doesnt really teach anything. Since it only displays the right solution, you dont have the chance to "develop" your injection, you cant discover how it works, until you get it working. You need exactly the one solution that SO admins thought of, tough there are way more... Anything else, working or not will just not show anything. That kind of destroyed the fun in it for me.. :P


well its demonstrating that specific type of exploit (which actually only works on IE)

Posted by Guest on 04/22/2011 20:12:05
#52

You dont seem to understand. If i enter [color:black] and see the style="color:black" in the sourcecode, i can build on that base, i can develop my injection. If this is not reflected in the source code, this gets a stupid guessing game, until you are lucky and hit the right injection.

If the color:black isnt reflected in the sourcecode, there is no chance that the exp*on() would.. unless some coder has a weird sense of humor.

Posted by cruizrisner on 04/22/2011 20:42:38
#53

PublicEnemy wrote:
You dont seem to understand. If i enter [color:black] and see the style="color:black" in the sourcecode, i can build on that base, i can develop my injection. If this is not reflected in the source code, this gets a stupid guessing game, until you are lucky and hit the right injection.

If the color:black isnt reflected in the sourcecode, there is no chance that the exp*on() would.. unless some coder has a weird sense of humor.


sounds familiar.. hm like sql injection for instance... do u know the correct db names? no. does just any name work? no. would u complain about that stuff too? who said its supposed to be easy and supposed to be how you want it? it is always about what the admins make it, they can make it easy or they can make it a bitch. but if you want to accomplish the task then you must do the dirty work. and guessing IS a part of hacking ;)

Posted by x2600 on 04/23/2011 00:48:24
#54

There is a point there, filters keep XSS out all the time; however, usually you can see how a filter reacts to things, whereas this seems a bit unconventional. I'm going to map what works and what doesn't in a small database. That should make the process of script selection much easier.

Posted by madf0x on 04/23/2011 12:06:01
#55

x2600 no not really. Simply because you are overthinking it. This challenge practically seems designed to trick you into overthinking it, trust people when they say it's way simpler than even what you would use in a basic real life one.

Its just one function really.

Edited by madf0x on 04/23/2011 12:06:20

Posted by nullbyt3 on 04/23/2011 12:54:11
#56

I prefer to be guided by earlier injections when crafting a proof of concept exploit, but yeah you can't always have that. So sometimes you have to guess until you get it.

Posted by x2600 on 04/24/2011 01:05:08
#57

agreed

Posted by saratoga on 06/14/2011 13:43:05
#58

i've tried with a lot of tutorial, e........(str...fromc.. ,e....(al..(123)), etc /* less the right option */
it filters the semicolon, i'm stuck, i need help!!!!

Edited by saratoga on 06/14/2011 13:54:48

Posted by ecsagnus on 06/14/2011 15:08:45
#59

I think someone will know that I'm trying to hack the basic 14 comment function... i have like 40 lines of |color||b| and |i| with some weird commands...
Anyone wanna wipe my traces? ;)

Posted by jbjoker on 06/15/2011 11:40:24
#60

Just a word of advice. I felt so stupid after I completed it. Look at what you wrote, it should work, but it doesn't. So simplify it. What can you remove? Guess and test. :)

Posted by BlindLemon on 06/18/2011 21:56:39
#61

i hope the people who are stuck are reading the source of every page to get as much info as possible

Posted by nurfed on 08/15/2011 10:03:47
#62

Pls.. someone could pming some small tip?
Its pretty gay if u cant see any development. just a cheap guessing game.

Posted by Techno Master on 08/20/2011 13:37:30
#63

Damn, with all my attempts looking like comments, as there currently are, any webmaster is by now going to work out what I am attempting

Posted by daneuchar on 10/14/2011 06:15:28
#64

i have almost tried everything from my side .. ASCII hex :( but all failed... any hint ?

Posted by The Dark Prince on 10/14/2011 06:42:24
#65

look in the source code or read previous posts, they have the answer, u just need to look deeper, google is ur best friend, and <script>alert(1)</script> or its variant wont help .
take a look at rsnake's xss cheat sheet.
ha.ckers.org/xss.html

Posted by nitrusinc on 03/17/2012 01:58:39
#66

Has anyone else experienced an issue where it stops accepting/recording comments? I think I broke it. It is no longer displaying any new comments.


I'm not sure where to go from now....

=/

Posted by nireal on 04/09/2012 14:32:06
#67

I must state the fact that this challenge is stupid and it seems it's VERY simulated. I was lucky that at some point I just copy pasted one example from Google and that was the one.
Tip: use 123

Posted by abraxyss on 12/21/2012 05:42:43
#68

this one sucks -.-

Edited by abraxyss on 12/21/2012 06:06:27

Posted by Teddy on 12/21/2012 08:58:59
#69

I agree that some other solution should be included. But that does not mean that the whole challange sucks.

Edited by Teddy on 12/21/2012 09:01:12

Posted by Guest on 12/26/2012 07:25:11
#70

If you have ways of solving a challenge that are not accepted, yet would work in the real world, you are very welcome to share them with us, and after beeing reviewed they will be included to be accepted.

To do so (Pick one way):

- Bugtracker
- Direct PM to an Admin (CrashOverron / NullSet)
- PM to an active Moderator (Teddy)

Posted by skewlboy on 01/11/2013 05:28:18
#71

I don't know if before the vulnerable bbcode tag would always be processed (after my first try with a full possible solution) but I just spent too many hours going in the wrong directions because the tag now is *never* processed unless it's the *exact* solution. Downside of the "simulated" exploits...
So if you guys try something that you think it should work, just remove everything you have until you have the minimum line that would work. Really, *minimum*.
And keep in mind it's simulated, so if you tag does not get processed, it doesn't mean you failed to skip a filter (there are none), it just means it wasn't the *expected* solution.

Posted by Guest on 01/11/2013 12:24:42
#72

If I were an admin i would recode the challenge to show the converted tags so you can work through it.
I want myself for President.

Posted by nitrusinc on 01/26/2013 18:11:34
#73

Can posting too many comments as attempts break it? I've had no luck just making guesses and trying it blindly... But I'm concerned it may not fire specifically because of how many attempts.

Can anyone validate this for me?

Will it fire, if properly executed, regardless of the amount of previous attempts?

Thanks.

P.S. - Hints accepted.

Posted by Guest on 01/26/2013 18:15:01
#74

i am working on improving this challenges right in this minute. please try it again in maybe half an hour.

Posted by nitrusinc on 01/26/2013 18:18:56
#75

Thank you, Sir.

I shall indulge in other challenges for the time being.

Posted by Guest on 01/26/2013 18:53:36
#76

Done.

Challenge Improvements - Basic 14

I hope this helps.

Can posting too many comments as attempts break it?


Not as far as i know.

Edited by Guest on 01/26/2013 18:54:15

Posted by tiburtio on 05/24/2013 10:08:25
#77

my God....so great challenge, this is! cheers to the creator!

Posted by jaatrox on 06/17/2013 08:56:52
#78

i m getting strucked with this plz tell me does it only works for ie or any other browser?????

Posted by jaatrox on 06/19/2013 13:29:26
#79

it sucks a lot ,,,badly stimulated a bad challenge in my opinion it sucksssssss


it really help u out there take this one

;);););)

http://jeffchannell.com/Other/bbcode-xss-howto.html

Posted by Abhinav2107 on 06/20/2013 00:13:56
#80

The exploit may fire depending on your browser. This is a good hint.

Posted by coba on 07/25/2013 03:28:55
#81

i got alert box with 123, but this challenge marked as not solved in my list. how is it checks when you solve this task?

Posted by coba on 07/27/2013 06:23:17
#82

hmm. how checks this challenge?

Posted by Teddy on 07/27/2013 08:45:52
#83

Coba: PM me your injection. I will tell you then what has to be changed to pass the challange!

Posted by sisyang on 12/13/2013 09:11:15
#84

Finally i got it..

every trying gives me a lot knowing and solving power and thickening and sweat ^^.

thank u admin. and this site forever..

regards.B)

Posted by TheWeasel on 02/22/2014 13:35:41
#85

Still struggling on that one ^^. I figured out about the function and where to put the injection, but it still won't work :/ I kept it simple though... Is there anything I forget ?
I finally finalized it^^, It was just a matter of spaces...

Edited by TheWeasel on 02/23/2014 01:12:44

Posted by dresel on 03/19/2014 04:00:14
#86

Hi, I used CSS Expressions for this challenge (which only works on old browsers or compatibility mode in IE) and got the alert box, but the challenge is not marked as complete - so I am not quite sure if I am heading to the right direction?