Dashboard Articles Playground Discussions More
Follow

Not getting the request

SecureUs

eseqrim
9 years ago | edited 9 years ago

0

I managed to bypass the limit, but i’m not receiving the request to my server.

I even submited another message after injection was working and still nothing…

11replies
5voices
292views
Richard Brook [RichardBrook]
9 years ago | edited 9 years ago

0

The level is offline! @flabbyrabbit usually fixes it quickly, but I guess you have to move to another level for now!

 

A beginner practices until he gets it right, a professional practices until he can’t get it wrong!

eseqrim
9 years ago

0

Ok, can you let me know when it’s fixed?
Thanks!

Richard Brook [RichardBrook]
9 years ago

0

I don’t know if it will be working today, but you can see if it is working in the real6 page . And check now and then if it says ‘ Level online’. It is currently ‘Level offline’

 

A beginner practices until he gets it right, a professional practices until he can’t get it wrong!

eseqrim
9 years ago

0

Ohh sorry, didn’t noticed that :|
Thanks!

Richard Brook [RichardBrook]
9 years ago

0

No problem, that feature is actually recent, so it is normal to miss it ;)

 

A beginner practices until he gets it right, a professional practices until he can’t get it wrong!

wanderer
9 years ago

0

Hmm… My injection works perfectly and still I have the same problem. The level is marked as being online.
Can any of you guys tell me why the script is not executed at all? It’s been more than a week since I’ve submitted it.

I’m, like some others, trying to attack without setting up a separate website, yet it seems nonsense not to have the XSS triggered, given this is not a fully simulated level that would look for a specific pattern.

Could someone contact me for a discussion?

Thx

 

mov si,pCard ;Captain?

dloser
9 years ago

0

It is still an automated check that is used, so don’t expect every method to work. Also, doing it without a separate website requires some assumptions on how things are implemented.

wanderer
9 years ago | edited 9 years ago

0

There were two such assumptions, one of which is less likely to work out, and the other - which plays a role in indicating execution (concerned with covering tracks) - should pretty much be fine, at least based on some comments in other threads.

If the JS is evaluated properly by the script, at least the execution-part should theoretically work.

I’m already chatting with Mugiwara27 about the issue, but I could send you my attempt at this one if you like.

 

mov si,pCard ;Captain?

Mugi [Mugiwara27]
9 years ago

0

As I told you in private message, your injection is too long ! You have to do a simple one
And I think you didn’t understand a main thing on the level works

 

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ‘\’‘ at line 1

wanderer
9 years ago

0

I think you might have misunderstood the script I’ve sent you. I got back to you with some clarification on that.

It’s pretty clear that a script periodically checks the page. What way less clear is what it might be doing with the page, since it seems not to be running the injected script.

 

mov si,pCard ;Captain?

dloser
9 years ago

0

Whatever it is, it sounds way to complicated. The simpler it is, the more likely it will work here.

You must be logged in to reply to this discussion. Login
1 of 12

This site only uses cookies that are essential for the functionality of this website. Cookies are not used for tracking or marketing purposes.

By using our site, you acknowledge that you have read and understand our Privacy Policy, and Terms of Service.

Dismiss