Username: 
Password: 
Restrict session to IP 

puzzled...  Go to the Yourself PHP challenge

Global Rank: 1476
Totalscore: 17780
Posts: 5
Thanks: 6
UpVotes: 5
Registered: 14y 276d


Last Seen: 9y 320d
The User is Offline
puzzled...
Google/translate1Thank You!1Good Post!1Bad Post! link
So... I think I found how to exploit the script. I actually made a JS alert pop-up
by exploiting it correctly
, but it doesn't seem to be what's needed to solve the challenge.

Any hints there?
Last edited by gizmore - Jan 14, 2011 - 22:19:41
Global Rank: 551
Totalscore: 45801
Posts: 220
Thanks: 208
UpVotes: 218
Registered: 13y 349d
space`s Avatar
The User is Offline
RE: puzzled...
Google/translate1Thank You!1Good Post!0Bad Post! link
you're on the right way
Contact only via c3BhY2VAd2VjaGFsbC5uZXQ= or PM...
Windows can be secure... but only if you don't use it Happy
Global Rank: 227
Totalscore: 94364
Posts: 1680
Thanks: 1358
UpVotes: 920
Registered: 16y 288d




Last Seen: 3d 9h
The User is Offline
RE: puzzled...
Google/translate1Thank You!1Good Post!0Bad Post! link
Minify or pm me your xss.

Edit: Also make sure you inject exactly <script>alert(1);</script>
The geeks shall inherit the properties and methods of object earth.
Last edited by gizmore - Jan 14, 2011 - 22:23:19
Global Rank: 1476
Totalscore: 17780
Posts: 5
Thanks: 6
UpVotes: 5
Registered: 14y 276d


Last Seen: 9y 320d
The User is Offline
RE: puzzled...
Google/translate2Thank You!1Good Post!1Bad Post! link
I forgot the ; after the alert! Now it works Smile
Redknee, tunelko, silenttrack, n0tHappy, nonfungiblesecurity, quangntenemy, TheHiveMind, Z, balicocat, Ge0, samuraiblanco, arraez, jcquinterov, hophuocthinh, alfamen2, burhanudinn123, Ben_Dover, stephanduran89, braddie0, SwolloW, dangarbri, csuquvq have subscribed to this thread and receive emails on new posts.
1 people are watching the thread at the moment.
This thread has been viewed 12186 times.